31aa0f62d4e482b178e798954c9552405270b9bc1ab0a8f3b57a21f0f4d80c30

Analysis

max time kernel
2s
max time network
19s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 00:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

31aa0f62d4e482b178e798954c9552405270b9bc1ab0a8f3b57a21f0f4d80c30.exe
Size

96KB
MD5

0059b4476e739061dc3fdb70ba1c0be6
SHA1

81877900522b98c235e26ce64d1bbf776e15be57
SHA256

31aa0f62d4e482b178e798954c9552405270b9bc1ab0a8f3b57a21f0f4d80c30
SHA512

6a952f402a0e94747679a8c72c563b361395cbc6d111d73b00a4bdc8cf61d326c2ed77f620f8f5e0e6a45da86e8620343e8ff4d653dc5249f1294c58a47665d1
SSDEEP

1536:3CtsbjHF1FZcnZcGVBkvb6tUL8TTn7T4PW9cY9efi2s9kpJ:3RCZjwvb6tnT4PW9b9Yi2se

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\31aa0f62d4e482b178e798954c9552405270b9bc1ab0a8f3b57a21f0f4d80c30.exe
"C:\Users\Admin\AppData\Local\Temp\31aa0f62d4e482b178e798954c9552405270b9bc1ab0a8f3b57a21f0f4d80c30.exe"
1⤵
PID:2120
- C:\Atpuma.exe
  "C:\Atpuma.exe"
  2⤵
  PID:3940
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\2956.vbs"
    3⤵
    PID:5016

C:\Windows\Qsocjkt.exe
C:\Windows\Qsocjkt.exe
1⤵
PID:3452

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\2956.vbs

Filesize
500B

MD5
e9826e92cfd3672db9e979db8d6a662b

SHA1
f8bfb3f77efd5324dc8b1334b3db2a764353e7c2

SHA256
790b0732021cecb05f148b81a3cb1c50dd1a5b38605a5b2c9495bf3d5b65e46b

SHA512
cfb5d0592aa501d08f5290a3bd1a50c0a5d752755add41046d6f905077dc6faf77bc6103d5359d27add6bb7865fe18378c1481e471c14bd7dd69d4d5c0a57739

Download Submit
C:\Atpuma.exe

Filesize
47KB

MD5
8df0194917af2ba87af1abdf22c28e32

SHA1
fd044b551d878321d71e927942ab4bcc5180427f

SHA256
2430fcf043c589358ac1ccf5c20ac17c3782a514cc335e2e0ffedd5231d4a234

SHA512
d6a5e75c689e783d21734e8e524fd5641fda569600ed3de4a98b417cdbee05d2f2de95a48083d5d6c443ae72eca27aa81114535d3c422ce9788f0252ed8d04db

Download Submit
C:\Atpuma.exe

Filesize
25KB

MD5
548c8a301215b14e4584ab0a7e3424fd

SHA1
fec99cd1cfdcee557ed40fb65ccf7cf6abd90625

SHA256
a58268c2222e6e6d4daba45e4ab20cfa87d8063be7bc524d6577246e0b4474bf

SHA512
5445ab47303eafe805581371e7e05c9389e916e5a5e651825a7d175d854fde2035eb78b0ebcf2e53572160aa18fd0f91548ed77448dfe38ebb7f702fd4114c10

Download Submit
C:\Windows\Qsocjkt.exe

Filesize
57KB

MD5
ad69e99045581f96ee3d26a86ab0ee0e

SHA1
d851fe64c660654edffdea3cc391da4d7614213a

SHA256
9350a2565b2f956d2a8a06fd6b48bcb185a2f37f68b1a55fad262bf9eac23eb1

SHA512
dfd434b2dc1c26181292332c57cbf5930c199af98f5d059a40760328ec48090c4d1f34e1b3fa9d14691fa3125ed4219096805ae58d5e69c1f10aa7a95231fafb

Download Submit
C:\Windows\Qsocjkt.exe

Filesize
38KB

MD5
c0b1cb8f145cf6398a010376be43b82b

SHA1
f7c6f043609a824280f74181688d2a5c8004c8d2

SHA256
839e1f286fcb1bb8a86310c22cc2862ec26f1ccebfeb9851aadc8db93df11c1c

SHA512
e6b7fd0c868f1b44e25dbdf368803111e627be65e80093ed37e4107156d502d954aa9327f22a11d70f940b81716d8bd080055104b8de5368e6d67660edcf6178

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads