96b526600ee6186e5b08500342b5156ee30e595e76c6396f0561baf4b9610e3d

Analysis

max time kernel
144s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 20:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

96b526600ee6186e5b08500342b5156ee30e595e76c6396f0561baf4b9610e3d.exe
Size

28KB
MD5

74055287cd19cb6fc677f38e180497bc
SHA1

e512e46eb6e1e4fe5ac067749da7ff427d44b6ac
SHA256

96b526600ee6186e5b08500342b5156ee30e595e76c6396f0561baf4b9610e3d
SHA512

c3802201881ab4d5b0563155aa4c2790492f984b2abbe355ef3131304bb13a1ab386ab37a030f68e80f060c1c2de0f06b0ebf12ebbd9f6d13b27ffb1e4d913c1
SSDEEP

384:UF+Nn3zG3y1dEhfwYhXPFyHVrmlRkFWBsOheuVehviKRt5oFMFOdZ:o+ZG3ydEVlhXdmHWBE7Rt5oFmS

Score

7^/10

persistence

Malware Config

Signatures

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IEXPLORE.EXE	96b526600ee6186e5b08500342b5156ee30e595e76c6396f0561baf4b9610e3d.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IEXPLORE.EXE	96b526600ee6186e5b08500342b5156ee30e595e76c6396f0561baf4b9610e3d.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Adobe Reader Speedle Launcher = "C:\\Program Files\\Adobe\\Reader.exe"	96b526600ee6186e5b08500342b5156ee30e595e76c6396f0561baf4b9610e3d.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Adobe\Reader.exe	96b526600ee6186e5b08500342b5156ee30e595e76c6396f0561baf4b9610e3d.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\96b526600ee6186e5b08500342b5156ee30e595e76c6396f0561baf4b9610e3d.exe
"C:\Users\Admin\AppData\Local\Temp\96b526600ee6186e5b08500342b5156ee30e595e76c6396f0561baf4b9610e3d.exe"
1⤵
- Drops startup file
- Adds Run key to start application
- Drops file in Program Files directory
PID:1496

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads