Analysis
-
max time kernel
30s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system -
submitted
03/12/2022, 21:52
Static task
static1
Behavioral task
behavioral1
Sample
f143a694e1f0a17f12b1c777d7351fb4f0a8c7405662c250333cee495227ada0.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
f143a694e1f0a17f12b1c777d7351fb4f0a8c7405662c250333cee495227ada0.exe
Resource
win10v2004-20221111-en
General
-
Target
f143a694e1f0a17f12b1c777d7351fb4f0a8c7405662c250333cee495227ada0.exe
-
Size
357KB
-
MD5
f6ec634270b6c33630afd5af58957220
-
SHA1
f738b28fb051b3b6d0e99ff2608a6464bbd95429
-
SHA256
f143a694e1f0a17f12b1c777d7351fb4f0a8c7405662c250333cee495227ada0
-
SHA512
2b5542618eca9fde2a40ffc9a628535031585b841f8aafa5e15ac20431d21e0b2edc57d879c9323738dc8d4274aaa8a533d61110b46b58b7785288bf27a67bb7
-
SSDEEP
6144:K0Wwr0Ud/ivHsMgPFzQBdXJKXBlKEdzRgIOcM2NhIo0DA3pYWqbjxaYwqOll:ZrrdK0MIFzOdXQKEkV2NhvpsbN1OD
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
PID 1500, Process DllHost.exe
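The two signatures above are what the sandbox flagged. The following Python is an added example, not the sandbox's own rules and not code from this report: it reproduces both checks over a constructed API-call log (one JSON object per line, a shape assumed for this example) and groups the hits per process, so that a hit on the COM surrogate DllHost.exe can be triaged separately from one on the sample. The regex, the API names and every log line are this example's assumptions; only the PIDs and image names mirror the process list in the report.

```python
import json
import re
from collections import defaultdict

# Device-namespace paths behind an "Enumerates physical storage devices" hit:
# raw disks, optical drives, drive letters opened as devices, volume GUID paths.
# This pattern is the example's own, not the sandbox's rule.
DEVICE_PATH = re.compile(
    r"^\\\\[.?]\\(?:PhysicalDrive\d+|CdRom\d+|[A-Za-z]:|Volume\{[0-9A-Fa-f-]+\})\\?$"
)
FILE_OPEN_APIS = {"CreateFileA", "CreateFileW", "NtCreateFile"}
FIND_WINDOW_APIS = {"FindWindowA", "FindWindowW", "FindWindowExA", "FindWindowExW"}
SHELL_TRAY_CLASS = "Shell_TrayWnd"  # taskbar window class that FindShellTrayWindow resolves

# Constructed API-call log in the shape this example assumes (pid, process, api,
# args). PIDs and image names mirror the report's process list; the individual
# calls are invented for illustration, including one malformed line.
SAMPLE_LOG = r"""
{"pid": 2040, "process": "f143a694e1f0a17f12b1c777d7351fb4f0a8c7405662c250333cee495227ada0.exe", "api": "CreateFileW", "args": {"lpFileName": "C:\\Users\\Admin\\Desktop\\notes.txt", "dwDesiredAccess": "GENERIC_READ"}}
{"pid": 2040, "process": "f143a694e1f0a17f12b1c777d7351fb4f0a8c7405662c250333cee495227ada0.exe", "api": "CreateFileW", "args": {"lpFileName": "\\\\.\\PhysicalDrive0", "dwDesiredAccess": "GENERIC_READ"}}
{"pid": 2040, "process": "f143a694e1f0a17f12b1c777d7351fb4f0a8c7405662c250333cee495227ada0.exe", "api": "CreateFileW", "args": {"lpFileName": "\\\\.\\CdRom0", "dwDesiredAccess": "GENERIC_READ"}}
{"pid": 1500, "process": "DllHost.exe", "api": "CreateFileW", "args": {"lpFileName": "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db", "dwDesiredAccess": "GENERIC_READ"}}
{"pid": 1500, "process": "DllHost.exe", "api": "FindWindowW", "args": {"lpClassName": "Shell_TrayWnd", "lpWindowName": null}}
truncated line the parser must skip
"""


def parse_events(text):
    """Parse one JSON event per line, skipping blank and malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def storage_device_hits(events):
    """(pid, process, api, path) for every file open against a device-namespace path."""
    return [
        (ev["pid"], ev["process"], ev["api"], ev["args"]["lpFileName"])
        for ev in events
        if ev.get("api") in FILE_OPEN_APIS
        and DEVICE_PATH.match(ev.get("args", {}).get("lpFileName") or "")
    ]


def shell_tray_hits(events):
    """(pid, process, api) for every window lookup of the taskbar class."""
    return [
        (ev["pid"], ev["process"], ev["api"])
        for ev in events
        if ev.get("api") in FIND_WINDOW_APIS
        and ev.get("args", {}).get("lpClassName") == SHELL_TRAY_CLASS
    ]


def signatures_by_process(events):
    """Map (pid, process) -> sorted signature names, so that a hit on a COM
    surrogate such as DllHost.exe is weighed separately from one on the sample."""
    out = defaultdict(set)
    for pid, proc, _api, _path in storage_device_hits(events):
        out[(pid, proc)].add("Enumerates physical storage devices")
    for pid, proc, _api in shell_tray_hits(events):
        out[(pid, proc)].add("Suspicious use of FindShellTrayWindow")
    return {key: sorted(sigs) for key, sigs in out.items()}


if __name__ == "__main__":
    for key, sigs in signatures_by_process(parse_events(SAMPLE_LOG)).items():
        print(key, sigs)
```

Opening `\\.\PhysicalDrive0` for read is also what legitimate disk tools do, so the per-process grouping is the useful output: it shows which image made the call, which the report's signature summary alone does not.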
Processes
-
C:\Users\Admin\AppData\Local\Temp\f143a694e1f0a17f12b1c777d7351fb4f0a8c7405662c250333cee495227ada0.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\f143a694e1f0a17f12b1c777d7351fb4f0a8c7405662c250333cee495227ada0.exe"
PID: 2040
-
C:\Windows\SysWOW64\DllHost.exe
Command line: C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
PID: 1500
Signature: Suspicious use of FindShellTrayWindow
Note: DllHost.exe started with /Processid:<CLSID> is the Windows COM surrogate host, and the report lists it at the same tree depth as the sample rather than as a child of it. The only signature on this page that carries an IoC is therefore attributed to that surrogate (PID 1500), not to the sample process (PID 2040); the storage-enumeration signature is listed with no PID at all.
Network
MITRE ATT&CK Enterprise v6
Downloads
-
Filesize
69KB
MD5
1d8349f4da3489ffc31ce5a6ed0e25f0
SHA1
ca76366c53d0eaec09eabaf88d49c6e031d25826
SHA256
6448c31a0acce67fd362ea42dee06b473cda0ad8e1d0ff5de1023a70aaf7b0fc
SHA512
e0f5c4530bf3bb53a179d620d39d03000e84155052ad068bd16eaf7aeeee76d4f63d9e4061295e5b7946a844ef1ba1facd44181af430177e2095286c665c4177
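Before working with either artefact from this report (the submitted sample in the General section, or the 69KB file listed under Downloads), a practitioner pins it to the digests the report prints. The script below is an added example, not part of the report or of any sandbox tooling: it hashes a file in one pass with all four algorithms the page lists and names every digest that does not match. The two digest tables are copied from the report; the `sample`/`download` labels, the CLI shape and the `digest_bytes` helper are this example's own. SSDEEP is left out because it needs a non-standard-library module.

```python
import hashlib
import io
import sys

# Digests copied from the report: the submitted sample (General section) and
# the 69KB file under Downloads. The "sample"/"download" labels are this
# example's own naming.
EXPECTED = {
    "sample": {
        "md5": "f6ec634270b6c33630afd5af58957220",
        "sha1": "f738b28fb051b3b6d0e99ff2608a6464bbd95429",
        "sha256": "f143a694e1f0a17f12b1c777d7351fb4f0a8c7405662c250333cee495227ada0",
        "sha512": "2b5542618eca9fde2a40ffc9a628535031585b841f8aafa5e15ac20431d21e0b2edc57d879c9323738dc8d4274aaa8a533d61110b46b58b7785288bf27a67bb7",
    },
    "download": {
        "md5": "1d8349f4da3489ffc31ce5a6ed0e25f0",
        "sha1": "ca76366c53d0eaec09eabaf88d49c6e031d25826",
        "sha256": "6448c31a0acce67fd362ea42dee06b473cda0ad8e1d0ff5de1023a70aaf7b0fc",
        "sha512": "e0f5c4530bf3bb53a179d620d39d03000e84155052ad068bd16eaf7aeeee76d4f63d9e4061295e5b7946a844ef1ba1facd44181af430177e2095286c665c4177",
    },
}


def digest_stream(fh, chunk_size=1 << 20):
    """Read the stream once and feed every chunk to all four digests."""
    hashers = {
        "md5": hashlib.md5(),
        "sha1": hashlib.sha1(),
        "sha256": hashlib.sha256(),
        "sha512": hashlib.sha512(),
    }
    size = 0
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    result = {name: h.hexdigest() for name, h in hashers.items()}
    result["size"] = size
    return result


def digest_bytes(data):
    """Convenience wrapper for in-memory data (used for self-checks)."""
    return digest_stream(io.BytesIO(data))


def digest_file(path):
    with open(path, "rb") as fh:
        return digest_stream(fh)


def mismatches(actual, expected):
    """Names of the digests in `expected` that `actual` does not reproduce.
    Comparison is case-insensitive; an empty list means the artefact matches."""
    return sorted(
        name for name, want in expected.items()
        if str(actual.get(name, "")).lower() != str(want).lower()
    )


def main(argv):
    if len(argv) != 3 or argv[1] not in EXPECTED:
        print(f"usage: {argv[0]} {{sample|download}} <file>", file=sys.stderr)
        return 2
    actual = digest_file(argv[2])
    bad = mismatches(actual, EXPECTED[argv[1]])
    print(f"{argv[2]}: {actual['size']} bytes, sha256 {actual['sha256']}")
    if bad:
        print("MISMATCH on: " + ", ".join(bad))
        return 1
    print("all digests match the report")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run as `python3 verify_sample.py sample <path-to-exe>`; a non-zero exit means at least one digest differs from the report, in which case the file on disk is not the artefact this analysis describes.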