Analysis
-
max time kernel
153s -
max time network
180s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
30/10/2022, 20:58
General
-
Target
a8ece6db229b1c6661b0d358e21a8a8c379a76008d4dffd8a9dce63a7bfa0425.exe
-
Size
1.0MB
-
MD5
906c9882d3fd2791d344b00e183e4ee3
-
SHA1
9fdb27970eb0444de8c587c6cb49a416319684b1
-
SHA256
a8ece6db229b1c6661b0d358e21a8a8c379a76008d4dffd8a9dce63a7bfa0425
-
SHA512
51f430628283ba9f0818160d8e87a2bfbc7b8521ab7b088d86ad1ac91015b716264d176add354e8f59f24373f2d9f1b8c58ef64573cc14caeec85b7fdf0f07e4
-
SSDEEP
12288:D6SKqT31T6WpJY6V765jKqostkm3ObEkizMWCfA1LV:2xqT31T6WE6I5jKqosOm+bEyWqA1LV
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a8ece6db229b1c6661b0d358e21a8a8c379a76008d4dffd8a9dce63a7bfa0425.exe"C:\Users\Admin\AppData\Local\Temp\a8ece6db229b1c6661b0d358e21a8a8c379a76008d4dffd8a9dce63a7bfa0425.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\s.cmd2⤵
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
285B
MD58b6c27fcbccd8db5dda09e0be8fcaab5
SHA1638985d8f32b263133be545462f62bcc688cd427
SHA256b9187e22fa97886b25b1f5b2163b34885426fb650f6495fac1f318e97a57ace0
SHA512e564c80aeb2bd5239fb3ae70d866136dc029c93335829a54022a194840b1a07d2b37efdb48fce5fd5a9801a2218aa6efcba3ed68fe9d1120a6de47eb5f8d2eee