4c75f7de452cf66eddd2bd2313419f95b43704677b1b9ab21b809e80b38fd018

General

Target

4c75f7de452cf66eddd2bd2313419f95b43704677b1b9ab21b809e80b38fd018.exe
Size

3.3MB
MD5

1e5f31698185dea0d7a4a97b985b1114
SHA1

e32a470e099d433abaac3f61c096b9d3e0efcef6
SHA256

4c75f7de452cf66eddd2bd2313419f95b43704677b1b9ab21b809e80b38fd018
SHA512

f64dfb4c6f1acb2ff7318c2b16f026c8fdd67a05f450356c979c795c0fa86272b5b292944ba18eefc57c5ece52422f03e076d58d56b27d59c539c9ff114b2815

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 22 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	4c75f7de452cf66eddd2bd2313419f95b43704677b1b9ab21b809e80b38fd018.exe
File opened (read-only)	\??\G:	4c75f7de452cf66eddd2bd2313419f95b43704677b1b9ab21b809e80b38fd018.exe
File opened (read-only)	\??\R:	4c75f7de452cf66eddd2bd2313419f95b43704677b1b9ab21b809e80b38fd018.exe
File opened (read-only)	\??\F:	4c75f7de452cf66eddd2bd2313419f95b43704677b1b9ab21b809e80b38fd018.exe
File opened (read-only)	\??\H:	4c75f7de452cf66eddd2bd2313419f95b43704677b1b9ab21b809e80b38fd018.exe
File opened (read-only)	\??\K:	4c75f7de452cf66eddd2bd2313419f95b43704677b1b9ab21b809e80b38fd018.exe
File opened (read-only)	\??\Q:	4c75f7de452cf66eddd2bd2313419f95b43704677b1b9ab21b809e80b38fd018.exe
File opened (read-only)	\??\U:	4c75f7de452cf66eddd2bd2313419f95b43704677b1b9ab21b809e80b38fd018.exe
File opened (read-only)	\??\V:	4c75f7de452cf66eddd2bd2313419f95b43704677b1b9ab21b809e80b38fd018.exe
File opened (read-only)	\??\W:	4c75f7de452cf66eddd2bd2313419f95b43704677b1b9ab21b809e80b38fd018.exe
File opened (read-only)	\??\I:	4c75f7de452cf66eddd2bd2313419f95b43704677b1b9ab21b809e80b38fd018.exe
File opened (read-only)	\??\J:	4c75f7de452cf66eddd2bd2313419f95b43704677b1b9ab21b809e80b38fd018.exe
File opened (read-only)	\??\L:	4c75f7de452cf66eddd2bd2313419f95b43704677b1b9ab21b809e80b38fd018.exe
File opened (read-only)	\??\O:	4c75f7de452cf66eddd2bd2313419f95b43704677b1b9ab21b809e80b38fd018.exe
File opened (read-only)	\??\M:	4c75f7de452cf66eddd2bd2313419f95b43704677b1b9ab21b809e80b38fd018.exe
File opened (read-only)	\??\N:	4c75f7de452cf66eddd2bd2313419f95b43704677b1b9ab21b809e80b38fd018.exe
File opened (read-only)	\??\P:	4c75f7de452cf66eddd2bd2313419f95b43704677b1b9ab21b809e80b38fd018.exe
File opened (read-only)	\??\S:	4c75f7de452cf66eddd2bd2313419f95b43704677b1b9ab21b809e80b38fd018.exe
File opened (read-only)	\??\T:	4c75f7de452cf66eddd2bd2313419f95b43704677b1b9ab21b809e80b38fd018.exe
File opened (read-only)	\??\X:	4c75f7de452cf66eddd2bd2313419f95b43704677b1b9ab21b809e80b38fd018.exe
File opened (read-only)	\??\Y:	4c75f7de452cf66eddd2bd2313419f95b43704677b1b9ab21b809e80b38fd018.exe
File opened (read-only)	\??\Z:	4c75f7de452cf66eddd2bd2313419f95b43704677b1b9ab21b809e80b38fd018.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
896	4c75f7de452cf66eddd2bd2313419f95b43704677b1b9ab21b809e80b38fd018.exe

C:\Users\Admin\AppData\Local\Temp\4c75f7de452cf66eddd2bd2313419f95b43704677b1b9ab21b809e80b38fd018.exe
"C:\Users\Admin\AppData\Local\Temp\4c75f7de452cf66eddd2bd2313419f95b43704677b1b9ab21b809e80b38fd018.exe"
1⤵
- Enumerates connected drives
- Suspicious use of SetWindowsHookEx
PID:896

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/896-55-0x0000000002380000-0x0000000002500000-memory.dmp

Filesize
1.5MB

Download
memory/896-54-0x0000000002380000-0x0000000002500000-memory.dmp

Filesize
1.5MB

Download
memory/896-56-0x0000000002380000-0x0000000002500000-memory.dmp

Filesize
1.5MB

Download
memory/896-60-0x0000000002380000-0x0000000002500000-memory.dmp

Filesize
1.5MB

Download
memory/896-59-0x0000000076011000-0x0000000076013000-memory.dmp

Filesize
8KB

Download
memory/896-58-0x0000000002380000-0x0000000002500000-memory.dmp

Filesize
1.5MB

Download
memory/896-61-0x0000000002380000-0x0000000002500000-memory.dmp

Filesize
1.5MB

Download
memory/896-57-0x0000000002380000-0x0000000002500000-memory.dmp

Filesize
1.5MB

Download
memory/896-62-0x0000000002380000-0x0000000002500000-memory.dmp

Filesize
1.5MB

Download
memory/896-63-0x0000000002380000-0x0000000002500000-memory.dmp

Filesize
1.5MB

Download
memory/896-68-0x0000000000400000-0x0000000000A40000-memory.dmp

Filesize
6.2MB

Download
memory/896-69-0x0000000000400000-0x0000000000A40000-memory.dmp

Filesize
6.2MB

Download
memory/896-70-0x0000000000400000-0x0000000000A40000-memory.dmp

Filesize
6.2MB

Download
memory/896-74-0x000000007EFA0000-0x000000007EFB0000-memory.dmp

Filesize
64KB

Download
memory/896-75-0x0000000000400000-0x0000000000A40000-memory.dmp

Filesize
6.2MB

Download
memory/896-76-0x000000007EFA0000-0x000000007EFB0000-memory.dmp

Filesize
64KB

Download
memory/896-77-0x0000000075970000-0x0000000075A80000-memory.dmp

Filesize
1.1MB

Download

Analysis

Sharing