1e6c4f7cd9e44830e70c05ef5cce03f0c8586ab1b22141e254bba95ca7ec58e8

Analysis

max time kernel
4s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 03:21

Target

1e6c4f7cd9e44830e70c05ef5cce03f0c8586ab1b22141e254bba95ca7ec58e8.exe
Size

822KB
MD5

42391049b4d04f1ec5179f7e61714aed
SHA1

58d3c5f957bee95c8366accd7c9bdebc9c218da2
SHA256

1e6c4f7cd9e44830e70c05ef5cce03f0c8586ab1b22141e254bba95ca7ec58e8
SHA512

75a8d632cd521246cc74707e3d6cba51c8d887afacec71d211b0eb20c4a7371c31f8cae48103b5180c9bab24de57392cfb7bc4feed43ef0f0c9d6fab0219320e
SSDEEP

12288:SquuJ3z/jvPAcHtbL2uzpazN3uaLUMEpsr6IS3O2h96cm7tsfx9NWIhKUHdXZj:nui3r8cNbpzwB+awMi23SAc5GIcWdXZj

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1332	1e6c4f7cd9e44830e70c05ef5cce03f0c8586ab1b22141e254bba95ca7ec58e8.exe

C:\Users\Admin\AppData\Local\Temp\1e6c4f7cd9e44830e70c05ef5cce03f0c8586ab1b22141e254bba95ca7ec58e8.exe
"C:\Users\Admin\AppData\Local\Temp\1e6c4f7cd9e44830e70c05ef5cce03f0c8586ab1b22141e254bba95ca7ec58e8.exe"
1⤵
- Suspicious use of FindShellTrayWindow
PID:1332

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1332-54-0x0000000075351000-0x0000000075353000-memory.dmp

Filesize
8KB

Download
memory/1332-55-0x0000000074781000-0x0000000074783000-memory.dmp

Filesize
8KB

Download