d1bfde2836d7c0360a93a4632bc1ad230ff0391b543ef1686dfd74ec7b147c0f

Analysis

max time kernel
155s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 17:59

Target

d1bfde2836d7c0360a93a4632bc1ad230ff0391b543ef1686dfd74ec7b147c0f.exe
Size

297KB
MD5

b22f650f135d050e939c41a9c7c7b85e
SHA1

966b668c8cba80a021fafcde9404c902c1afe309
SHA256

d1bfde2836d7c0360a93a4632bc1ad230ff0391b543ef1686dfd74ec7b147c0f
SHA512

5e142bbc4acb1d8aaf212dca94e4346997757a3d0712a12374674584dd165ee8fbb3d5dff2ad615594a52710bfa4abffb3400eebd023cdac377577a0492aa8dc
SSDEEP

6144:QjNtUrbzJvze1JqwPe9Ih0ZqLLu14jA01kgf7KVbvxG:QjNOz9zevBWK0ZgHUWzKVbvxG

Score

7^/10

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d1bfde2836d7c0360a93a4632bc1ad230ff0391b543ef1686dfd74ec7b147c0f.lnk	d1bfde2836d7c0360a93a4632bc1ad230ff0391b543ef1686dfd74ec7b147c0f.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\Bidaily Synchronize Task.job	d1bfde2836d7c0360a93a4632bc1ad230ff0391b543ef1686dfd74ec7b147c0f.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/4144-132-0x0000000000CC0000-0x0000000000CEF000-memory.dmp

Filesize
188KB

Download