Analysis

  • max time kernel
    91s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30/10/2022, 04:43

General

  • Target

    1661e16a7876140c0bd517206e68c45b11da182d78f9437662df20f9cf69e5be.exe

  • Size

    365KB

  • MD5

    a3a34358280f698075e82de010924720

  • SHA1

    04e6f0a5106cd6f322bc70035429a5c061eeef32

  • SHA256

    1661e16a7876140c0bd517206e68c45b11da182d78f9437662df20f9cf69e5be

  • SHA512

    133d1ec36aea8129c5f103bf5f952b842f437a736bf14cdd5c66d454516fc38ec32a4336dd194d030980b79a1f683cb8c862bbe59acfdc3087123fa44a7cf455

  • SSDEEP

    6144:PRtuWgj6XWZuAsnv22bk0pGpZQKQQM3IbRRD6LneECpZJtFmbR/LfVCe8m:5tuWd0uWmiZ6xbi+km

Score
7/10

Malware Config

Signatures

  • Drops startup file (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\1661e16a7876140c0bd517206e68c45b11da182d78f9437662df20f9cf69e5be.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\1661e16a7876140c0bd517206e68c45b11da182d78f9437662df20f9cf69e5be.exe"
    PID: 4008
    Signatures triggered: Drops startup file

Network

MITRE ATT&CK Enterprise v6


Downloads

  • memory/4008-132-0x0000000002220000-0x000000000224C000-memory.dmp
    Filesize: 176KB
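The report's own figures can be cross-checked before anything is trusted downstream. The following Python is an added example and not part of the sandbox report: it parses the memory-dump name listed under Downloads into PID and address range, confirms the region really is 176KB and page-aligned, confirms that the Target name is the sample's SHA256, and gives a streamed hasher for re-verifying a sample against the listed digests. The interpretation of the second numeric field in the dump name (132) as a per-dump counter is an assumption; the page does not document it. ssdeep is not covered because it needs a third-party library.

```python
"""Consistency checks for a sandbox report (added example, not the report's own code)."""
import hashlib
import re
from dataclasses import dataclass

# Copied from the report's General and Downloads sections.
TARGET = "1661e16a7876140c0bd517206e68c45b11da182d78f9437662df20f9cf69e5be.exe"
REPORT_HASHES = {
    "md5": "a3a34358280f698075e82de010924720",
    "sha1": "04e6f0a5106cd6f322bc70035429a5c061eeef32",
    "sha256": "1661e16a7876140c0bd517206e68c45b11da182d78f9437662df20f9cf69e5be",
    "sha512": "133d1ec36aea8129c5f103bf5f952b842f437a736bf14cdd5c66d454516fc38e"
              "c32a4336dd194d030980b79a1f683cb8c862bbe59acfdc3087123fa44a7cf455",
}
DUMP_NAME = "memory/4008-132-0x0000000002220000-0x000000000224C000-memory.dmp"
DUMP_SIZE_KB = 176
PROCESS_PID = 4008

# Observed layout: memory/<pid>-<seq>-<start>-<end>-memory.dmp.
# Treating <seq> as a per-dump counter is an assumption; the page does not say.
_DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9a-fA-F]+)"
    r"-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$"
)
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


@dataclass(frozen=True)
class DumpRegion:
    pid: int
    seq: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start

    @property
    def page_aligned(self) -> bool:
        # A region dumped at VirtualQuery granularity has both ends on 4KiB pages.
        return self.start % 0x1000 == 0 and self.end % 0x1000 == 0


def parse_dump_name(name: str) -> DumpRegion:
    """Split a Triage-style dump file name into PID, counter and address range."""
    m = _DUMP_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised dump name: {name!r}")
    return DumpRegion(int(m["pid"]), int(m["seq"]), int(m["start"], 16), int(m["end"], 16))


def hash_bytes(data: bytes) -> dict:
    """The four digests listed in the report, for an in-memory blob."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests for a file on disk, streamed so large samples are not loaded whole."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def mismatches(computed: dict, expected: dict = REPORT_HASHES) -> list:
    """Names of algorithms whose computed digest differs from the report's value."""
    return sorted(alg for alg, want in expected.items()
                  if computed.get(alg, "").lower() != want.lower())


def report_consistency() -> dict:
    """Checks that need only the report, not the sample itself."""
    region = parse_dump_name(DUMP_NAME)
    return {
        "dump_pid_matches_process": region.pid == PROCESS_PID,
        "dump_size_matches_filesize": region.size == DUMP_SIZE_KB * 1024,
        "dump_region_page_aligned": region.page_aligned,
        "target_named_by_sha256": TARGET.lower() == REPORT_HASHES["sha256"] + ".exe",
    }


if __name__ == "__main__":
    for check, ok in report_consistency().items():
        print(f"{check}: {'ok' if ok else 'MISMATCH'}")
```

Run against a downloaded copy of the sample, `mismatches(hash_file("sample.exe"))` returns an empty list only when all four digests agree with the report; any non-empty result means the file on hand is not the one that was analysed and the signatures above should not be attributed to it.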