Analysis
max time kernel
125s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags
arch:x64 arch:x86 image:win10v2004-20220901-en locale:en-us os:windows10-2004-x64 system
submitted
28-11-2022 03:13
Static task
static1
Behavioral task
behavioral1
Sample
8c6ce719bdd57107293b6e7136010573dbee9771bf9599379604ff9003207483.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
8c6ce719bdd57107293b6e7136010573dbee9771bf9599379604ff9003207483.exe
Resource
win10v2004-20220901-en
General
Target
8c6ce719bdd57107293b6e7136010573dbee9771bf9599379604ff9003207483.exe
Size
908KB
MD5
fa2a7fc59b0b204f6e9223068dece64d
SHA1
1d36f75bcbd1794b6306a94d02b731677782dddb
SHA256
8c6ce719bdd57107293b6e7136010573dbee9771bf9599379604ff9003207483
SHA512
59c1749e85f85f5eb5aa8168bf4ee7ba2c4dd18572d011467d730c056f8d0299623b28c18ffaa1f10a6f63dc42c1110025f2e0f7911998a1006cd9cabbf091a5
SSDEEP
12288:8tb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSga6kFd1Qhm4R6A:8tb20pkaCqT5TBWgNQ7a6kF/Qh3R6A
Malware Config
Signatures
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
NTFS ADS 1 IoCs
Processes:
8c6ce719bdd57107293b6e7136010573dbee9771bf9599379604ff9003207483.exe
description: File opened for modification
ioc: C:\Users\Admin\AppData\Local\Temp\winmgmts:\localhost\root\cimv2
process: 8c6ce719bdd57107293b6e7136010573dbee9771bf9599379604ff9003207483.exe