c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2

General

Target

c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
Size

709KB
MD5

4474cbf26e8b91f7d9655a2d2e243ce5
SHA1

2b304d8560450b03b0af684133a48716eefaf453
SHA256

c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2
SHA512

236067aa37cf8384ce4734b07e666925298187b490b73a55f4ef75860bca6e1092b4d13a99b3252de6b68e0c7154d5d67eea244f9bf658dd96b12f3e401f93e3
SSDEEP

6144:qAYBmcBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBF:qAYh

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe

pid	process
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
1140	c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe

pid process

1140 c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe

C:\Users\Admin\AppData\Local\Temp\c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe
"C:\Users\Admin\AppData\Local\Temp\c5aef1892f0f809905fa5f6b181cd1536c85864c04fc35dc53080461887214d2.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1140

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1140-132-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1140-135-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download

Analysis

Sharing