Analysis

  • max time kernel
    156s
  • max time network
    168s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/11/2022, 19:40

General

  • Target

    54ec0cb925a97a58e7c1fdd41d5fad59dce4d151db6840eb232a256bb69d3561.exe

  • Size

    369KB

  • MD5

    e51fbaf93be8da9efa3faa0e2b3f73e3

  • SHA1

    994718788964f011e0a3635fa8a5963ade68026a

  • SHA256

    54ec0cb925a97a58e7c1fdd41d5fad59dce4d151db6840eb232a256bb69d3561

  • SHA512

    f4a620e64b4003abd424a02a62a67f3ea270953ac568e2ff13706471b8164e299082709f608c6f5bec50469da861a48aea6a3fe50dc89b2b5a9e150910ce83ec

  • SSDEEP

    6144:Z3jbfJEqbmsj7FDXxBd3GU/Fz0JgK5RboXjpp3CO/z8gg5YwgC4xnWgYKg2lAh5J:B2qbme7FbQaggK5dol7A7rl

Score
7/10

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\54ec0cb925a97a58e7c1fdd41d5fad59dce4d151db6840eb232a256bb69d3561.exe
    "C:\Users\Admin\AppData\Local\Temp\54ec0cb925a97a58e7c1fdd41d5fad59dce4d151db6840eb232a256bb69d3561.exe"
    1⤵
    • Drops startup file
    PID:4484

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/4484-132-0x0000000001610000-0x000000000163C000-memory.dmp

          Filesize

          176KB