6eb1c157351fe9e5aa0149b52dbd6eada88fbba3d39a5e6ee45686e513169061

Analysis

max time kernel
23s
max time network
80s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
28-10-2022 21:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6eb1c157351fe9e5aa0149b52dbd6eada88fbba3d39a5e6ee45686e513169061.exe
Size

320KB
MD5

0c0deb9d2653e2e87898f5cd20824050
SHA1

b7e0923abf16fc454b2a26cbca9e87bb5b25bd1a
SHA256

6eb1c157351fe9e5aa0149b52dbd6eada88fbba3d39a5e6ee45686e513169061
SHA512

95866740ebb74a857532c3932ca91b2abdfd0627ba24be7d3433d2c5450adc0fb7897c4b48492cfec74e017cf1032e11be121ed1e554591716fc4b7f924e97e6
SSDEEP

6144:ti+xPxlJGiiB8J66onJGr+qyVztumGS5Ni3hpgoMKMphaeVf2B717z:ttPjJGiic6JGr+qyVztumGS5YqoyU71/

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1072	6eb1c157351fe9e5aa0149b52dbd6eada88fbba3d39a5e6ee45686e513169061.exe

C:\Users\Admin\AppData\Local\Temp\6eb1c157351fe9e5aa0149b52dbd6eada88fbba3d39a5e6ee45686e513169061.exe
"C:\Users\Admin\AppData\Local\Temp\6eb1c157351fe9e5aa0149b52dbd6eada88fbba3d39a5e6ee45686e513169061.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1072
- C:\Users\Admin\jztiis.exe
  "C:\Users\Admin\jztiis.exe"
  2⤵
  PID:1388

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\jztiis.exe

Filesize
29KB

MD5
a244ba217f6d31e842eafc8373b9ea73

SHA1
39aa0a1e82107e1414952e76a4a970e265138050

SHA256
cf99356d53708b2da29e0143b81d05da9301b744e95523f805b41b973b235afc

SHA512
4670a3f020dfbfc83ea9d2c85c449b402e2b2592d5e06393b9e53890752a6b6a2d5269c38ae4f8d5afac90df1c9c166d95f21ae8debac252d663741972bbabe2

Download Submit
C:\Users\Admin\jztiis.exe

Filesize
30KB

MD5
5494d5ef4557541c93965824c33afd79

SHA1
5b447020254f2283a97149bcc244da84449edfb0

SHA256
4d83a86836b06b38c92791ef1b573b738a477baa64f9c19b5c9cab94be3f4648

SHA512
17ca9ddaadb16634e3786aae3c4ed0f348d41cca593333035f8c8df116b2e58d91a846916d098f899297579078824ca044c87bc44146cb6c069bc8e06ee001e5

Download Submit
\Users\Admin\jztiis.exe

Filesize
45KB

MD5
c69d4d11fbfcf8c3198a56b8212a2d21

SHA1
cf829aeef4be158296ade266506496ab3218bd5d

SHA256
dced1d312afc6ff42d96bf4f1293343e6a23c0d54d3a15c9fe18222a833ae6c9

SHA512
e1bf96089f021221b220814be6dcea74e92f7796f105b0fc634a4b3acee331f0e5c7b285524a14b9f40e2da8662d7e3af38f56cb84bcda8ff291142e1ffa217d

Download Submit
\Users\Admin\jztiis.exe

Filesize
35KB

MD5
b68068ab447703464cc670c9a46bec42

SHA1
264819ac93a971220b9b40e953a50a4fb819c909

SHA256
a0d5eca72e3dce86e1faad09231c2aaaa4f5483e82204629bedf4ac71ea82300

SHA512
f6c0dcfeb1fb8ca03c3c014b9186c04add53b8aa34de225acc93d0dc1497f6adf1442b11382ac18754863ffbfb18abd6de10f422519563250356ab13ede3887c

Download Submit
memory/1072-54-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1072-57-0x0000000074C91000-0x0000000074C93000-memory.dmp

Filesize
8KB

Download
memory/1072-66-0x0000000002BD0000-0x0000000002C2B000-memory.dmp

Filesize
364KB

Download
memory/1072-65-0x0000000002BD0000-0x0000000002C2B000-memory.dmp

Filesize
364KB

Download
memory/1388-67-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download