ac10a9d3bfa9c849e71c29773a6a0514e7168c50e35675f39efe770dd9910c79

Analysis

max time kernel
96s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04-10-2022 15:23

Target

scan-8b2bda1b-2536-411b-a1b3-f54ce7e73124.iso
Size

1.8MB
MD5

1379fddaf175543aaa03d14d9b487ba1
SHA1

59b3b8f97b64149064f24563c51c155c258ca9c2
SHA256

d2178b009e4e39ee1a2afbc6b9ffbc7a2e77f47dbbb6618ae5f25ffacd277834
SHA512

a88d0fb1a43b6eb3861c6f319f58a56394a57b572bd95fd03c0d21183f0c52062a8907c71d7407afabe14fabf738ce3fa8c8ff5a68be9533a3b6476a55d6fb8a
SSDEEP

24576:TB3lPrWuXS/SxockV62gDJmw0WrNpEMiHMFEWQWDyuKcpk:dlPrDvxoT6Fmw0WJGM8QQAyT

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Modifies registry class 1 IoCs

Processes:

cmd.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings cmd.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings	cmd.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\scan-8b2bda1b-2536-411b-a1b3-f54ce7e73124.iso
1⤵
- Modifies registry class
PID:2240

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact