63aeacb8de38f4cf69c55d2d86781786f7acb2fd1f01fa444c7b3e5806b66c74

Analysis

max time kernel
1s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 03:09

Target

63aeacb8de38f4cf69c55d2d86781786f7acb2fd1f01fa444c7b3e5806b66c74.exe
Size

257KB
MD5

e098a3d85c45bfb8c97323627e4f058f
SHA1

40be172779b2d95c450d1c918dc333aeca4a1ab6
SHA256

63aeacb8de38f4cf69c55d2d86781786f7acb2fd1f01fa444c7b3e5806b66c74
SHA512

40ff388b86371d5bd4a2020c702a75a729ee6560b3f7e143fda410de7c1819f5479bc045cdf5b5b28ae7b226ff229bd67c763f55256f404f8e1b9feae77894b9
SSDEEP

3072:sr85C3JT7qz3L6QIQS9uKc+DsTjRmjeWArnVOGggkAjbxjJjDYRiXwgRpi36vgx3:k9BA3L3CjYUFgogZi5

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\63aeacb8de38f4cf69c55d2d86781786f7acb2fd1f01fa444c7b3e5806b66c74.exe
"C:\Users\Admin\AppData\Local\Temp\63aeacb8de38f4cf69c55d2d86781786f7acb2fd1f01fa444c7b3e5806b66c74.exe"
1⤵
PID:1952
- C:\Users\Admin\AppData\Local\Temp\3582-490\63aeacb8de38f4cf69c55d2d86781786f7acb2fd1f01fa444c7b3e5806b66c74.exe
  "C:\Users\Admin\AppData\Local\Temp\3582-490\63aeacb8de38f4cf69c55d2d86781786f7acb2fd1f01fa444c7b3e5806b66c74.exe"
  2⤵
  PID:1420

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\3582-490\63aeacb8de38f4cf69c55d2d86781786f7acb2fd1f01fa444c7b3e5806b66c74.exe

Filesize
67KB

MD5
8e2d50a6207396aa49e33f72fa79fcaf

SHA1
0a3e5b29c18699fb6525918c9da653016e1c579a

SHA256
b0916fc207322bc2b9075ae02f70644497030d3d109af97835d6947735c48337

SHA512
f89abe1ab9c0b392cdf99c700812d64953d48f9a4ddd25a70bc8e1c8eda7800acfc58db9d57e95a30fcbd14b66b08959ac912ba1dc754317ae2e957054315c75

Download Submit
\PROGRA~2\Adobe\READER~1.0\Reader\LOGTRA~1.EXE

Filesize
73KB

MD5
c0ef3fe64610b1c460c0672e3354c421

SHA1
244fc09df2e3633c17778ec86d329a03cf5e465c

SHA256
ce74959785974d04a76074ea0df15cfd4b421d63e06678d5b5e805043607adf5

SHA512
ebf41d2a09acb30aa74f3e5963bc421180fc863133bdfabd9182f6ae42bde314b28fb913dd6af78415fe0ab74ef9444d13d4aafa9d1518d0954c8bce18f56b54

Download Submit
\Users\Admin\AppData\Local\Temp\3582-490\63aeacb8de38f4cf69c55d2d86781786f7acb2fd1f01fa444c7b3e5806b66c74.exe

Filesize
41KB

MD5
f5c1228a63bd3f479a56aa2db20e21cf

SHA1
6f499269168252d5740361c2f27b32c6752b621a

SHA256
04e4133af7d5f40dc7a2d2b3a4e6eecc5627dfa1da26d8b5f27fbc2fd642c425

SHA512
f702cf05b647670c24634fb2b2296b75cdf3647b01c082920e4dbfa12b8d2e56f39b88fdc8550ab3e0a32e2d65f795c68c4f5037c3f628cd5b48394b39ccd269

Download Submit
memory/1952-54-0x00000000762F1000-0x00000000762F3000-memory.dmp

Filesize
8KB

Download