b1caee5494356dacbce8b07363bb0bf18b3191e6d3ec526c45c1972c199520c3

Analysis

max time kernel
38s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 03:39

Target

b1caee5494356dacbce8b07363bb0bf18b3191e6d3ec526c45c1972c199520c3.exe
Size

1.1MB
MD5

4160f76824217d5c780bc2131f505702
SHA1

8f1d91851bdf8435b3b83d82cd4cf670b0d74da8
SHA256

b1caee5494356dacbce8b07363bb0bf18b3191e6d3ec526c45c1972c199520c3
SHA512

a73ea3882dd00a5d80f12b61e33a30940a073c6f787327cd23f6578c8839e35dba3c5d028bdbb66a72c55ce3bf09abbe8bcfc754cfba259af2c4ac4c6391e028
SSDEEP

24576:Nh1+Vt2mUALfNbEWd7biD1GmLmepK+CPbOVA7H7Tyv2QiK8tVMUea50Dmp:UnzLfN3d7b2zCPai7H7Ty+Q6KUea50DK

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
576	b1caee5494356dacbce8b07363bb0bf18b3191e6d3ec526c45c1972c199520c3.exe
576	b1caee5494356dacbce8b07363bb0bf18b3191e6d3ec526c45c1972c199520c3.exe

C:\Users\Admin\AppData\Local\Temp\b1caee5494356dacbce8b07363bb0bf18b3191e6d3ec526c45c1972c199520c3.exe
"C:\Users\Admin\AppData\Local\Temp\b1caee5494356dacbce8b07363bb0bf18b3191e6d3ec526c45c1972c199520c3.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:576

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/576-54-0x0000000075911000-0x0000000075913000-memory.dmp

Filesize
8KB

Download