Analysis
-
max time kernel
96s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
-
submitted
24-11-2022 00:05
General
-
Target
b6106456ab1302016c78eba1fd04a5dcf39de4d0e0415d4a75a10124239a7c99.exe
-
Size
4.3MB
-
MD5
10bc67949d18c3224be4f4dbccc014bf
-
SHA1
ddc516bf4f3a8d140f9781eee53c6257f82a2706
-
SHA256
b6106456ab1302016c78eba1fd04a5dcf39de4d0e0415d4a75a10124239a7c99
-
SHA512
b18a736ab96584e89a706f13be23d1acafb817cc3091f8dca51264c22a9c2bf25ff3fe539d9c199e843332b575a2b42c594d668e9fd0df990b850ee65b13d809
-
SSDEEP
98304:o9MpHhvYzprr/vBHijXUMgBZwcU9hbkBjL2mGTO2+72AeqL//H4:9pHh2nnQpgBZwv9xSky2+77/H4
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b6106456ab1302016c78eba1fd04a5dcf39de4d0e0415d4a75a10124239a7c99.exe"C:\Users\Admin\AppData\Local\Temp\b6106456ab1302016c78eba1fd04a5dcf39de4d0e0415d4a75a10124239a7c99.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken