8fc6c4e2ce6c617bb6ef37a9adc6b2188da9e660fb28276cda585b2a6c6cfb6e

Analysis

max time kernel
149s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
31/10/2022, 01:18

Target

8fc6c4e2ce6c617bb6ef37a9adc6b2188da9e660fb28276cda585b2a6c6cfb6e.exe
Size

450KB
MD5

90e91ed18936b59de794c2469060dbc0
SHA1

e6933a14b729a06c896c855d9226bcc882748a23
SHA256

8fc6c4e2ce6c617bb6ef37a9adc6b2188da9e660fb28276cda585b2a6c6cfb6e
SHA512

ef655a7673f1cd510aceb3cfa8acabd37266557cc72e36a86d1c1d4f44d57440643926c181070b468e31469ab029888ddb36337cd850772c85a3413da6b1c039
SSDEEP

6144:TetVZX+mjm87sPz6AjSOFPBvmiGJgye80QJwyc0yWHFw+a8WyS2E7GdA1l0BCI3O:TQZXFjD7iSO5JmZl0QiV2NwkRi

Score

7^/10

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8fc6c4e2ce6c617bb6ef37a9adc6b2188da9e660fb28276cda585b2a6c6cfb6e.lnk	8fc6c4e2ce6c617bb6ef37a9adc6b2188da9e660fb28276cda585b2a6c6cfb6e.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\8fc6c4e2ce6c617bb6ef37a9adc6b2188da9e660fb28276cda585b2a6c6cfb6e.exe
"C:\Users\Admin\AppData\Local\Temp\8fc6c4e2ce6c617bb6ef37a9adc6b2188da9e660fb28276cda585b2a6c6cfb6e.exe"
1⤵
- Drops startup file
PID:1372

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1372-132-0x00000000034A0000-0x00000000034C6000-memory.dmp

Filesize
152KB

Download