c5573e1d3f921f530812d09274da36e2130859b8bc2c9667b0db857ef80a42a3

Analysis

max time kernel
281s
max time network
354s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 03:13

Target

c5573e1d3f921f530812d09274da36e2130859b8bc2c9667b0db857ef80a42a3.exe
Size

564KB
MD5

54a17ddfc372ede52ea34a17e06db86f
SHA1

1efbbdb598ed1750c073637cccde5a0f763a3634
SHA256

c5573e1d3f921f530812d09274da36e2130859b8bc2c9667b0db857ef80a42a3
SHA512

9f29abb657084416a531657002193b2597eacef5229237ee5fdc55df0d9ee8d803080eb3d4b4037182c3f4d6009150c596aa13750bdf52ae2ac8a570dc894112
SSDEEP

12288:PGQlIdQ8lIglrNYlPGAHQlmKgGRPcIxWcOA7:P/IdQ8KglrNYltim/GRJx8A7

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1608	c5573e1d3f921f530812d09274da36e2130859b8bc2c9667b0db857ef80a42a3.exe

C:\Users\Admin\AppData\Local\Temp\c5573e1d3f921f530812d09274da36e2130859b8bc2c9667b0db857ef80a42a3.exe
"C:\Users\Admin\AppData\Local\Temp\c5573e1d3f921f530812d09274da36e2130859b8bc2c9667b0db857ef80a42a3.exe"
1⤵
- Suspicious use of FindShellTrayWindow
PID:1608

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact