c774795e1c14a2ef5631d4ddfea785384b0e4c1e5d9438a82a2eb93668dc0ae3

Analysis

max time kernel
42s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 00:32

Target

c774795e1c14a2ef5631d4ddfea785384b0e4c1e5d9438a82a2eb93668dc0ae3.exe
Size

46KB
MD5

57203ebfad773d5fe54b864082bd5af0
SHA1

adbb83591ef5e9e4b78f6a84b21da1db13efe73a
SHA256

c774795e1c14a2ef5631d4ddfea785384b0e4c1e5d9438a82a2eb93668dc0ae3
SHA512

bd8265f79fb1c3bdab1ded4d8d36b4d537d34a0735865970ea3e1e6e2e42f1c833ed092142f1d1d201c0a4daabf2c601d4f83b6c269f0870c6f5fe0af2a961ce
SSDEEP

768:P4dkL3Hnkk4wKOjZCPFosMzddCWzkhXWS5OJ5TMEWL6twh1hjgnFtROXfqF:Q9OLsMddCWCkJ5tnMhjgFtRYfqF

Score

4^/10

Drops file in Windows directory 2 IoCs

Processes:

c774795e1c14a2ef5631d4ddfea785384b0e4c1e5d9438a82a2eb93668dc0ae3.exe

description	ioc	process
File created	C:\Windows\xcopy.exe	c774795e1c14a2ef5631d4ddfea785384b0e4c1e5d9438a82a2eb93668dc0ae3.exe
File opened for modification	C:\Windows\xcopy.exe	c774795e1c14a2ef5631d4ddfea785384b0e4c1e5d9438a82a2eb93668dc0ae3.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\c774795e1c14a2ef5631d4ddfea785384b0e4c1e5d9438a82a2eb93668dc0ae3.exe
"C:\Users\Admin\AppData\Local\Temp\c774795e1c14a2ef5631d4ddfea785384b0e4c1e5d9438a82a2eb93668dc0ae3.exe"
1⤵
- Drops file in Windows directory
PID:1740

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1740-54-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download
memory/1740-55-0x0000000074171000-0x0000000074173000-memory.dmp

Filesize
8KB

Download