a5bfae8fc8ea7a9897262b12af33e6cbbcb53fb86c69f1a98e1683794a4645fc

Analysis

max time kernel
39s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 09:13

Target

a5bfae8fc8ea7a9897262b12af33e6cbbcb53fb86c69f1a98e1683794a4645fc.exe
Size

823KB
MD5

2c229fa38834f733a8beb27a509bb4db
SHA1

047024e022599beb3f1e82ad48df1f59cec36e0e
SHA256

a5bfae8fc8ea7a9897262b12af33e6cbbcb53fb86c69f1a98e1683794a4645fc
SHA512

f6e536e7c46e130ad80e99358d1f006d47a1234d950c06bb565d5e8d51cfe3c2abece85ef42e7d78d272076b8f642d07bf2b2a5817c9202b5ce284dd7dd326f0
SSDEEP

24576:YueBr8cNbpzwB+afQqkXsW0QU0PtAHXEoTX3wgv9xV:YurcNpkB+RJcr4yH0oTXggv9xV

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1788	a5bfae8fc8ea7a9897262b12af33e6cbbcb53fb86c69f1a98e1683794a4645fc.exe

C:\Users\Admin\AppData\Local\Temp\a5bfae8fc8ea7a9897262b12af33e6cbbcb53fb86c69f1a98e1683794a4645fc.exe
"C:\Users\Admin\AppData\Local\Temp\a5bfae8fc8ea7a9897262b12af33e6cbbcb53fb86c69f1a98e1683794a4645fc.exe"
1⤵
- Suspicious use of FindShellTrayWindow
PID:1788

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1788-54-0x0000000076321000-0x0000000076323000-memory.dmp

Filesize
8KB

Download
memory/1788-55-0x0000000074771000-0x0000000074773000-memory.dmp

Filesize
8KB

Download