df732418b681509221f37d8c8db93fadeb4289b0526fb737bbe7d7064ac485bc

Analysis

max time kernel
131s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 06:29

Target

df732418b681509221f37d8c8db93fadeb4289b0526fb737bbe7d7064ac485bc.exe
Size

74KB
MD5

46bbc683a1447d907dab9cf9ac094760
SHA1

d1ddebb727deca725c2ec4ce742d8d1a0f055680
SHA256

df732418b681509221f37d8c8db93fadeb4289b0526fb737bbe7d7064ac485bc
SHA512

5b74c5a6034006676a65a94881b69095ecb2df0656bd66b53cb507d8a1246407934841e44e57e152d41dbfca5513ca5d19b077614def7dc1ac8bdb71a032238f
SSDEEP

1536:BHFSfARDSW0HefHbmJJe8pqT/PbFHrW8y+zloz8kAB0ppkX:BlTSr+vbmJw/PbFiUloPABSE

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2040	df732418b681509221f37d8c8db93fadeb4289b0526fb737bbe7d7064ac485bc.exe

C:\Users\Admin\AppData\Local\Temp\df732418b681509221f37d8c8db93fadeb4289b0526fb737bbe7d7064ac485bc.exe
"C:\Users\Admin\AppData\Local\Temp\df732418b681509221f37d8c8db93fadeb4289b0526fb737bbe7d7064ac485bc.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:2040

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/2040-54-0x00000000761E1000-0x00000000761E3000-memory.dmp

Filesize
8KB

Download