2841689ccc222fb2e3256a0aff839d3fe8eec58541a7d437de65fef111538efe

Analysis

max time kernel
111s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 06:05

Target

2841689ccc222fb2e3256a0aff839d3fe8eec58541a7d437de65fef111538efe.exe
Size

50KB
MD5

0ada893e108251a74f806550f92f4b12
SHA1

b6de969665efcfa92fe9cf60aba9d1865ae52aa1
SHA256

2841689ccc222fb2e3256a0aff839d3fe8eec58541a7d437de65fef111538efe
SHA512

674e80b468caadd7696922b9f2ee49c97f4265db6309a708b764eb9800d310b8505f50e081774c1798a491e5e15c2392153ae667daa362337ebdefd1d9c66fa1
SSDEEP

768:l1cVhpQI2EQK0iPDh84nScF15GYbWjXO3XJYPVN53aJQh2I4aCJ9LGwDD/KGuHgX:TQpQ5EP0ijnRTXJIVN5cQ8IvCTGwxuHO

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2224	2841689ccc222fb2e3256a0aff839d3fe8eec58541a7d437de65fef111538efe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\2841689ccc222fb2e3256a0aff839d3fe8eec58541a7d437de65fef111538efe.exe
"C:\Users\Admin\AppData\Local\Temp\2841689ccc222fb2e3256a0aff839d3fe8eec58541a7d437de65fef111538efe.exe"
1⤵
- Loads dropped DLL
PID:2224

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\nsjB8D7.tmp\7c03fa5a-ec57-4b00-b246-0b481844417b.dll

Filesize
19KB

MD5
e954b160569d93a18c05f3bef22bf899

SHA1
91a819ca0d69d9c79cc02ed992f73621e3129d6e

SHA256
64395ca9183c287e60a42cf75c3f51fbbf867099a540fb4e5da81dbe007e8652

SHA512
79df533fd71ccd061fe45c1632f279b397163237b5ed7547a0aabfb01a83a1c906285e1741c5862022ef6167cfcd63293fc2da342268f27eb0fb387886714970

Download Submit