ab800fe06fc360175ce3b41b0ca970589a5660bef7e6263f5e5b2a6a06f8cf15

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2022, 09:09

Target

ab800fe06fc360175ce3b41b0ca970589a5660bef7e6263f5e5b2a6a06f8cf15.exe
Size

369KB
MD5

0af71fe8e518fc3116b129924f702818
SHA1

33805e24a8c947e3eb0bae262dc1abeb362f27e5
SHA256

ab800fe06fc360175ce3b41b0ca970589a5660bef7e6263f5e5b2a6a06f8cf15
SHA512

65efac7e81d8afa84d797b01d50989b9c936eb63225befcdbaf16276927862ef825d2bfe62b943583cd654ec1e619bf7de5d79d4b30f60101021000128ce530d
SSDEEP

6144:DUKNkmar69/64JLBnoOupE5KIMtB+XMfZBM1ITKcXY1L9IA5XfT9b4uI:DFCmk064J96B31v

Score

7^/10

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ab800fe06fc360175ce3b41b0ca970589a5660bef7e6263f5e5b2a6a06f8cf15.lnk	ab800fe06fc360175ce3b41b0ca970589a5660bef7e6263f5e5b2a6a06f8cf15.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\ab800fe06fc360175ce3b41b0ca970589a5660bef7e6263f5e5b2a6a06f8cf15.exe
"C:\Users\Admin\AppData\Local\Temp\ab800fe06fc360175ce3b41b0ca970589a5660bef7e6263f5e5b2a6a06f8cf15.exe"
1⤵
- Drops startup file
PID:516

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/516-132-0x00000000015B0000-0x00000000015DC000-memory.dmp

Filesize
176KB

Download