5d33b89e335088fbf6e1fdf4eaddc1e585d7dfdd7d31f3f0b54903ab084aefcc

Analysis

max time kernel
190s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2022 09:37

Target

5d33b89e335088fbf6e1fdf4eaddc1e585d7dfdd7d31f3f0b54903ab084aefcc.exe
Size

731KB
MD5

9eb3d763ec6dda3595fe771808ba5cd1
SHA1

d3c18a1821d9d971de332031b6f11ae203ef63d8
SHA256

5d33b89e335088fbf6e1fdf4eaddc1e585d7dfdd7d31f3f0b54903ab084aefcc
SHA512

11c381086962eab9fa8de5f9465d6e53e058780cf2ce09534940e7a8d2f4ed399a33d8cc07ade1c03aeeb3368b31d6388beddd1ca0c3239a178745b6d7b5a313
SSDEEP

12288:Iuud4YcGL//JWM01Vfby4QQvRO4mqPeQ9HXD4AQf1Ym1eGu8+VK4jogDO5:Iue4YT/hmflRBmqPeQ93D4AQhenlIIoR

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1880	5d33b89e335088fbf6e1fdf4eaddc1e585d7dfdd7d31f3f0b54903ab084aefcc.exe

C:\Users\Admin\AppData\Local\Temp\5d33b89e335088fbf6e1fdf4eaddc1e585d7dfdd7d31f3f0b54903ab084aefcc.exe
"C:\Users\Admin\AppData\Local\Temp\5d33b89e335088fbf6e1fdf4eaddc1e585d7dfdd7d31f3f0b54903ab084aefcc.exe"
1⤵
- Suspicious use of FindShellTrayWindow
PID:1880

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact