1661e16a7876140c0bd517206e68c45b11da182d78f9437662df20f9cf69e5be

Analysis

max time kernel
91s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 04:43

Target

1661e16a7876140c0bd517206e68c45b11da182d78f9437662df20f9cf69e5be.exe
Size

365KB
MD5

a3a34358280f698075e82de010924720
SHA1

04e6f0a5106cd6f322bc70035429a5c061eeef32
SHA256

1661e16a7876140c0bd517206e68c45b11da182d78f9437662df20f9cf69e5be
SHA512

133d1ec36aea8129c5f103bf5f952b842f437a736bf14cdd5c66d454516fc38ec32a4336dd194d030980b79a1f683cb8c862bbe59acfdc3087123fa44a7cf455
SSDEEP

6144:PRtuWgj6XWZuAsnv22bk0pGpZQKQQM3IbRRD6LneECpZJtFmbR/LfVCe8m:5tuWd0uWmiZ6xbi+km

Score

7^/10

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1661e16a7876140c0bd517206e68c45b11da182d78f9437662df20f9cf69e5be.lnk	1661e16a7876140c0bd517206e68c45b11da182d78f9437662df20f9cf69e5be.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\1661e16a7876140c0bd517206e68c45b11da182d78f9437662df20f9cf69e5be.exe
"C:\Users\Admin\AppData\Local\Temp\1661e16a7876140c0bd517206e68c45b11da182d78f9437662df20f9cf69e5be.exe"
1⤵
- Drops startup file
PID:4008

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/4008-132-0x0000000002220000-0x000000000224C000-memory.dmp

Filesize
176KB

Download