6c6ee19d420d607c48f492ec3137aebec7be64f2c63e15c96ec17997a9036a42

Analysis

max time kernel
145s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2022 09:31

Target

6c6ee19d420d607c48f492ec3137aebec7be64f2c63e15c96ec17997a9036a42.exe
Size

831KB
MD5

74931081a91984bd364a3151aceba7a5
SHA1

fda984f29e2782a698a4f8c6939113b999d13f15
SHA256

6c6ee19d420d607c48f492ec3137aebec7be64f2c63e15c96ec17997a9036a42
SHA512

a8ccf71ffddfeb3fb0f86204c4a564e864960890b652150e4fef9bb74b55c56e002643144be9a5c21c73488232fb0e52920d594f1b1ce12e0af0616ee8238229
SSDEEP

12288:OquuJcz/jvPAcHtbL2uzpazN3uaL3hJx/D311ULEWIKWc2az:zuicr8cNbpzwB+arhJx/D33l0XDz

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4236	6c6ee19d420d607c48f492ec3137aebec7be64f2c63e15c96ec17997a9036a42.exe

C:\Users\Admin\AppData\Local\Temp\6c6ee19d420d607c48f492ec3137aebec7be64f2c63e15c96ec17997a9036a42.exe
"C:\Users\Admin\AppData\Local\Temp\6c6ee19d420d607c48f492ec3137aebec7be64f2c63e15c96ec17997a9036a42.exe"
1⤵
- Suspicious use of FindShellTrayWindow
PID:4236

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact