a19a2f86d1578d478e3b389cccd01695f54a5b2495e9016e9b1887f91e3ef1ae

Analysis

max time kernel
39s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 09:14

Target

a19a2f86d1578d478e3b389cccd01695f54a5b2495e9016e9b1887f91e3ef1ae.exe
Size

829KB
MD5

1b35e26dcd66e9cdb89a426b155f45e2
SHA1

748301174ed9ad519163083c8cf7b41691b395ae
SHA256

a19a2f86d1578d478e3b389cccd01695f54a5b2495e9016e9b1887f91e3ef1ae
SHA512

6b460822f625f559e007fa29e62e98295da3a7b11124b9e038d5a13d76db3957670a91f066d1b77a9bf8c20e39667c72acbcd4577f88fb597fce1c55b1bcd703
SSDEEP

12288:kDuud8z/jvPAcHtbL2uzpazN3uaLMDx5x59SH5PM/JMSluaGkJ0KULWV2E:4ue8r8cNbpzwB+aQDx5gHMluafVZ

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1132	a19a2f86d1578d478e3b389cccd01695f54a5b2495e9016e9b1887f91e3ef1ae.exe

C:\Users\Admin\AppData\Local\Temp\a19a2f86d1578d478e3b389cccd01695f54a5b2495e9016e9b1887f91e3ef1ae.exe
"C:\Users\Admin\AppData\Local\Temp\a19a2f86d1578d478e3b389cccd01695f54a5b2495e9016e9b1887f91e3ef1ae.exe"
1⤵
- Suspicious use of FindShellTrayWindow
PID:1132

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1132-54-0x0000000075561000-0x0000000075563000-memory.dmp

Filesize
8KB

Download
memory/1132-55-0x00000000741A1000-0x00000000741A3000-memory.dmp

Filesize
8KB

Download