345ac596f12617871bbf4c0584e578c7606451bfa270383ab90f6d57b4d82672

Analysis

max time kernel
7s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
24-05-2022 13:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

345ac596f12617871bbf4c0584e578c7606451bfa270383ab90f6d57b4d82672.exe
Size

118KB
MD5

58386adaea3b5e737144388e6607d8a5
SHA1

951c5d44f30ecb219117c3e5691b417d1bdba397
SHA256

345ac596f12617871bbf4c0584e578c7606451bfa270383ab90f6d57b4d82672
SHA512

8d6417cf5243f1d22ff17164f90055925e7de11d39f194723749d50f0e97810ab33d48356c571a681546e577750c1bd13781848d0f24c1c8a01e9c7560b7788e

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\345ac596f12617871bbf4c0584e578c7606451bfa270383ab90f6d57b4d82672.exe
"C:\Users\Admin\AppData\Local\Temp\345ac596f12617871bbf4c0584e578c7606451bfa270383ab90f6d57b4d82672.exe"
1⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\fakerror.exe
"C:\Users\Admin\AppData\Local\Temp\fakerror.exe"
2⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\injector(automatic).exe
"C:\Users\Admin\AppData\Local\Temp\injector(automatic).exe"
2⤵
PID:4372

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\fakerror.exe
Filesize
7KB

MD5
3f4bc3d0287d911603691767c5d372fa

SHA1
04dcd270b7ed88185d2374ca0f825adbd058a51c

SHA256
c07e16bba6f09bead939ed6e38f23a55de6515558679a8bb8f722ef4edbb1909

SHA512
f560a7e3e4c0931ca45237d85f65a711a5033ffb2b825145013c7b9289b0010e0f0f4cdc4f77882d565f1e97ea9825c9d4aebfa55fb7b44624a8ef7e9134a797

Download Submit
C:\Users\Admin\AppData\Local\Temp\fakerror.exe
Filesize
7KB

MD5
3f4bc3d0287d911603691767c5d372fa

SHA1
04dcd270b7ed88185d2374ca0f825adbd058a51c

SHA256
c07e16bba6f09bead939ed6e38f23a55de6515558679a8bb8f722ef4edbb1909

SHA512
f560a7e3e4c0931ca45237d85f65a711a5033ffb2b825145013c7b9289b0010e0f0f4cdc4f77882d565f1e97ea9825c9d4aebfa55fb7b44624a8ef7e9134a797

Download Submit
C:\Users\Admin\AppData\Local\Temp\injector(automatic).exe
Filesize
50KB

MD5
4289aac728fc2b0e70b11545aa54cd1d

SHA1
9b1aea2c3197bbe75e69220489ee68e8cbeebe80

SHA256
a57c5f01459bb64ab46bd17da672b99d0ec2bab7e0442aeae76aa56a08e0b53c

SHA512
1bb9d613f6787081311a96bbc110c8d59b450822f15fef1e25623b8112c9d681714aaa0a2fd31dd339d3b7f3c3e6c707426b81a030fc8cff37dbaabf5c01cb0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\injector(automatic).exe
Filesize
35KB

MD5
ac99e04ec13a27c1a26a8b6e95edb353

SHA1
3dcd396444b78dd458cdd352fa6b5a14e6c2530f

SHA256
898e680322df151c3b38ec653c5eef6c7509f472d7a0ea9d1ee5a7aa90e47c2c

SHA512
aa24ae87aca8541d03223fdb721ca99c5b4fe78632711f71cbfbb20d873b617f32d6c19c276e081ed17b8ff3d30c105df351bb804615b13235b22706a39a1be2

Download Submit
memory/4372-140-0x00007FFEFD280000-0x00007FFEFDD41000-memory.dmp

Filesize
10.8MB

Download
memory/4372-142-0x00000151A8710000-0x00000151A871A000-memory.dmp

Filesize
40KB

Download
memory/4372-136-0x00000151A8340000-0x00000151A8360000-memory.dmp

Filesize
128KB

Download
memory/4372-133-0x0000000000000000-mapping.dmp

Download
memory/4604-137-0x0000000000F10000-0x0000000000F18000-memory.dmp

Filesize
32KB

Download
memory/4604-139-0x0000000005780000-0x0000000005812000-memory.dmp

Filesize
584KB

Download
memory/4604-138-0x0000000005C30000-0x00000000061D4000-memory.dmp

Filesize
5.6MB

Download
memory/4604-141-0x0000000005830000-0x000000000583A000-memory.dmp

Filesize
40KB

Download
memory/4604-130-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads