Analysis
-
max time kernel
127s -
max time network
180s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
02-10-2022 01:12
General
-
Target
ba966e0c226f46ceaecfe20d1ac32aaeec2b4b81f09885e167c02e3f769be4c9.exe
-
Size
895KB
-
MD5
70444d7fbd8abd36d455e0eda0abf711
-
SHA1
b57cfab674e3d7cfa6155763fbd1fa2561921db5
-
SHA256
ba966e0c226f46ceaecfe20d1ac32aaeec2b4b81f09885e167c02e3f769be4c9
-
SHA512
a81c2c24b6284557630885c7f8914423ecee61de97f7fe5fd765551131f890a283bd9acd8d257d3aa9c1718d1830ad0e2f866f01020402651c89446f6dcc97fc
-
SSDEEP
24576:AxqT31T6WE6I5jKqosOm+b5Ak+/cTI3sh3+:P6WE6IN95+b5Al/cTI3sh3+
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ba966e0c226f46ceaecfe20d1ac32aaeec2b4b81f09885e167c02e3f769be4c9.exe"C:\Users\Admin\AppData\Local\Temp\ba966e0c226f46ceaecfe20d1ac32aaeec2b4b81f09885e167c02e3f769be4c9.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\s.cmd2⤵
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
285B
MD54f42ddacf87dec2796e1f9cd34c52685
SHA1647950033a85159e033f798099979f1e7ee023fb
SHA2561ee7db473d6954af3fe61e35d5057fe413d8149a55c4794cd626a18538f9cf67
SHA5129bef17c292f943c182f7f335b70075c63d9ba8c66762b276af3079af533de78fb14c285174d5b3b767deaa09a524e3e100a64e54958d8739a27c82d66f3dfe86