ca1f00dead8b477ca57db89abef2a70145e2e3ef91ac9404fb0e79e005a5e5ee

Analysis

max time kernel
341s
max time network
402s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2022 07:28

Target

ca1f00dead8b477ca57db89abef2a70145e2e3ef91ac9404fb0e79e005a5e5ee.exe
Size

88KB
MD5

4bf5e672cdc2f08fa472f0fddf43f1b2
SHA1

a7316fa5cf90eb74f67185e85333cfcf747999f8
SHA256

ca1f00dead8b477ca57db89abef2a70145e2e3ef91ac9404fb0e79e005a5e5ee
SHA512

ad2843c9b1b5c786b7e138589b58e19b6dc816a18c6d03c967bf5458e0ab34dcc7343ae154c852a0bb076a4276b49a9a0659de6f97e7322dd2725203b069415c
SSDEEP

1536:FOqvoQh57EAZt1xiX4kqMJrkdEgNliaCgDxlSfLlS7gkuMEEDo2Pt9U329:zosJErX4p6rkdzNliaCgxlSfLlS7luMP

Score

8^/10

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\drivers\etc\hosts	ca1f00dead8b477ca57db89abef2a70145e2e3ef91ac9404fb0e79e005a5e5ee.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\ca1f00dead8b477ca57db89abef2a70145e2e3ef91ac9404fb0e79e005a5e5ee.exe
"C:\Users\Admin\AppData\Local\Temp\ca1f00dead8b477ca57db89abef2a70145e2e3ef91ac9404fb0e79e005a5e5ee.exe"
1⤵
- Drops file in Drivers directory
PID:2892

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact