e61e2210790de7ebc9705ab29b4685dc4fd2dc176915efec28c2f84c70fb337d

Analysis

max time kernel
129s
max time network
145s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 19:21

Target

e61e2210790de7ebc9705ab29b4685dc4fd2dc176915efec28c2f84c70fb337d.exe
Size

626KB
MD5

900dc086c63de916833fc65a2ea1f3b0
SHA1

213dbe1359aad4719623a659dfc10dcc81e788ef
SHA256

e61e2210790de7ebc9705ab29b4685dc4fd2dc176915efec28c2f84c70fb337d
SHA512

869aa6d5d08e29cbd205bcdecf21996df6c74511c862ba78acc4099d1f06a4d20eb3b3c09f9efeb02aaaae876dd5c1d80cc7f2b00f8f4ef0c899049a65c1c21b
SSDEEP

12288:BhkDgouVA2nxKkouvdRgQriDwOIJmxiZnYQE7PJch4afxf:PRmJk9oQricOIoxiZY1bafxf

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
112	e61e2210790de7ebc9705ab29b4685dc4fd2dc176915efec28c2f84c70fb337d.exe

C:\Users\Admin\AppData\Local\Temp\e61e2210790de7ebc9705ab29b4685dc4fd2dc176915efec28c2f84c70fb337d.exe
"C:\Users\Admin\AppData\Local\Temp\e61e2210790de7ebc9705ab29b4685dc4fd2dc176915efec28c2f84c70fb337d.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:112

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/112-54-0x0000000074C11000-0x0000000074C13000-memory.dmp

Filesize
8KB

Download