a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0

Analysis

max time kernel
150s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
04/11/2022, 13:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
Size

742KB
MD5

12006798b03a4d2406428a11171cc389
SHA1

5ff0dd6582ea4df4c629c1ad9d2042210c8ea714
SHA256

a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0
SHA512

145f263db932412b550aaeb33bffe87338fcb234b0960985f12bff56f3a9c89e8ee35c834abe5aefb4fba8f1bbb7902f39017b4f4498e8291f32468b4678c752
SSDEEP

12288:wMEMrPHtuoHXFyq62yM/FsvYW71di5JOQ1jTpL5ETrZ/jE9Je3ePQhEjl:7TrPHtuo3FySL5ETrZ/A9Je3ePQ+l

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
3116	a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe

C:\Users\Admin\AppData\Local\Temp\a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe
"C:\Users\Admin\AppData\Local\Temp\a78be2b6336aae5c9d968aa5728e878a613220ae1893a7f6261b9c53383175e0.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3116

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads