834dd6649a04c76a98321cad0aada325d141d858fb7365c223df439aa00805da

Analysis

max time kernel
192s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 07:47

Target

834dd6649a04c76a98321cad0aada325d141d858fb7365c223df439aa00805da.exe
Size

747KB
MD5

616cc274040d0a9a9bc450d738c84a7d
SHA1

5154c151c32a597968c66ebeb4a6e362b5be0602
SHA256

834dd6649a04c76a98321cad0aada325d141d858fb7365c223df439aa00805da
SHA512

0a076076695b0e29d423f0446631e3532697ffa39f46f36015f22f74af31d895b9aff75d9ddea33eb8dbb88a6ae357967d08c06d3c7ecd0eab98a5cfa35091f1
SSDEEP

12288:E+J0p6T06/rm6agttTknjkxCdDLAvzVi1X6U+P9iDdHteHCZSxCND:Eym6H/SSjMyvzVi1KU+sDzeiQxCt

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1600	834dd6649a04c76a98321cad0aada325d141d858fb7365c223df439aa00805da.exe

C:\Users\Admin\AppData\Local\Temp\834dd6649a04c76a98321cad0aada325d141d858fb7365c223df439aa00805da.exe
"C:\Users\Admin\AppData\Local\Temp\834dd6649a04c76a98321cad0aada325d141d858fb7365c223df439aa00805da.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:1600

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1600-54-0x00000000763D1000-0x00000000763D3000-memory.dmp

Filesize
8KB

Download