bce6c472086accde5135630b762e628b85c0055818a0d5d35144a3d6bb717002

Analysis

max time kernel
190s
max time network
212s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 15:42

Target

bce6c472086accde5135630b762e628b85c0055818a0d5d35144a3d6bb717002.exe
Size

299KB
MD5

63b892cb8899ec60abfeeae7c2a04e7d
SHA1

ab3e0b8717b5b54aeb483268d73cafe9ef1dadca
SHA256

bce6c472086accde5135630b762e628b85c0055818a0d5d35144a3d6bb717002
SHA512

e3586263e6da1f1fc7008cb4c527890d8bb34cbe72d806e98980cd4108fbb4f8f6c4dc3209ae214a860d9ab87df42665eebbd4d60f8d2d5252585abe7892244a
SSDEEP

6144:0+LvA62zibXLdLKGqEGnCSIOhyG9QOtcQk7W1TEuMLm:0evA64i9LKGqZeOf9viQkKhEuMLm

Score

7^/10

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bce6c472086accde5135630b762e628b85c0055818a0d5d35144a3d6bb717002.lnk	bce6c472086accde5135630b762e628b85c0055818a0d5d35144a3d6bb717002.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\Bidaily Synchronize Task.job	bce6c472086accde5135630b762e628b85c0055818a0d5d35144a3d6bb717002.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/672-132-0x0000000004150000-0x000000000417F000-memory.dmp

Filesize
188KB

Download