Analysis
- max time kernel: 245s
- max time network: 336s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 05-12-2022 06:47 (5 December 2022; the win7-20221111-en image it ran on is dated 11 November 2022, so the date is day-month-year)
Static task: static1
Behavioral task behavioral1: Sample 834ac258559fda69db606ad937c0915ed36ed4bcf2bbb1aba356b2b84432acaa.exe on resource win7-20221111-en
Behavioral task behavioral2: Sample 834ac258559fda69db606ad937c0915ed36ed4bcf2bbb1aba356b2b84432acaa.exe on resource win10v2004-20220812-en
General
- Target: 834ac258559fda69db606ad937c0915ed36ed4bcf2bbb1aba356b2b84432acaa.exe
- Size: 783KB
- MD5: c898b0ec2e0271bebc95649f5fa5ed7c
- SHA1: 9858b3ea2f16bd158b22fe5653d369a4845ed685
- SHA256: 834ac258559fda69db606ad937c0915ed36ed4bcf2bbb1aba356b2b84432acaa
- SHA512: fc83d2468c57f0ae667c50cc34d5b59514d8d09f3494d98628d4473ed6bcd2fde9d793e7601daaf584e173626b07e1dbcd4f5b41e0aa99d51c033d1056b5511a
- SSDEEP: 24576:54VrnCYn6wHuUHBr00vv/X/hWPLO2zMkY8ZCd+Y8W:qF7kUHRHAPBM9Ld+Yb
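Before reading the behaviour below against a file in hand, confirm that the file is the same object the sandbox executed: the report names the sample by its SHA256 and lists four digests, and a renamed, truncated or re-packed copy will not match any of them. The Python below is an added example, not part of the Triage report or of the sample; it carries the hash values from this page, and the bytes it hashes when run without a path are constructed for illustration and are not the sample.

```python
"""Check that a file on disk is the sample (or the download) this report describes.

Added example, not part of the Triage report. The REPORTED_* values are copied
from the report; DEMO_BYTES is a constructed blob used only to show the output.
"""
import hashlib
import sys
from pathlib import Path

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")
HEX_LENGTH = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Hashes of the analyzed sample, as listed under "General" in the report.
REPORTED_SAMPLE = {
    "md5": "c898b0ec2e0271bebc95649f5fa5ed7c",
    "sha1": "9858b3ea2f16bd158b22fe5653d369a4845ed685",
    "sha256": "834ac258559fda69db606ad937c0915ed36ed4bcf2bbb1aba356b2b84432acaa",
    "sha512": "fc83d2468c57f0ae667c50cc34d5b59514d8d09f3494d98628d4473ed6bcd2fd"
              "e9d793e7601daaf584e173626b07e1dbcd4f5b41e0aa99d51c033d1056b5511a",
}

# Hashes of the 650KB file listed under "Downloads" in the report.
REPORTED_DOWNLOAD = {
    "md5": "ddb6366ea1a4056ec25ffedb6fce4d2e",
    "sha1": "213e6437cb8519775ff984080aa63271cb8ac170",
    "sha256": "bc49875eaab01256f6428911713f6f0b334f3cd63014318f8323b32a41ede250",
    "sha512": "94fba6c468bd50cc760ece0a7796ecdda59945169e86ea3731aa49428c208f89"
              "5973e27900733a1baa448cc2e482746befc2e4208fe79a946ed7f633d1d284c7",
}

# Constructed demo input (not the sample): an "MZ" prefix followed by 256 bytes.
DEMO_BYTES = b"MZ" + bytes(range(256))


def digests(data: bytes) -> dict:
    """Compute every digest the report lists over the same bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def malformed_hashes(reported: dict) -> list:
    """Return the names of reported entries that are not hex of the right length.

    Catches transcription damage (a dropped character, a fused label) before
    a comparison silently fails on a value that could never match anything.
    """
    bad = []
    for alg, value in reported.items():
        n = HEX_LENGTH.get(alg)
        if n is None or len(value) != n or any(c not in "0123456789abcdefABCDEF" for c in value):
            bad.append(alg)
    return bad


def verify_sample(data: bytes, reported: dict) -> list:
    """Compare data against a reported hash set.

    Returns a list of (algorithm, computed, reported) tuples, one per mismatch.
    An empty list means the bytes in hand are the bytes the report describes.
    """
    actual = digests(data)
    return [
        (alg, actual[alg], reported[alg].lower())
        for alg in ALGORITHMS
        if alg in reported and actual[alg] != reported[alg].lower()
    ]


def name_matches_sha256(filename: str, data: bytes) -> bool:
    """Triage names submitted samples by SHA256; a renamed or altered file fails this."""
    return Path(filename).stem.lower() == hashlib.sha256(data).hexdigest()


def verify_file(path: str, reported: dict) -> list:
    """Hash a file on disk and compare it with a reported hash set."""
    return verify_sample(Path(path).read_bytes(), reported)


if __name__ == "__main__":
    # Usage: python verify_sample.py <path> [download]
    # Without a path, runs on DEMO_BYTES to show what a mismatch report looks like.
    reported = REPORTED_DOWNLOAD if "download" in sys.argv[2:] else REPORTED_SAMPLE
    if len(sys.argv) > 1:
        mismatches = verify_file(sys.argv[1], reported)
        print("name matches SHA256:", name_matches_sha256(sys.argv[1], Path(sys.argv[1]).read_bytes()))
    else:
        mismatches = verify_sample(DEMO_BYTES, reported)
    for alg, got, want in mismatches:
        print(f"{alg}: computed {got} != reported {want}")
    print("match" if not mismatches else f"{len(mismatches)} digest(s) differ")
```

`verify_sample` compares all four digests rather than stopping at the first, so a mismatch on one algorithm and a match on the others (which points at a copy error in the report rather than a different file) is visible at a glance; `malformed_hashes` is worth running on any hash set pasted from a web page before trusting a "no match" result.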
Malware Config
Signatures
- Enumerates physical storage devices (1 TTP): Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of FindShellTrayWindow (1 IoC): PID 1508, DllHost.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\834ac258559fda69db606ad937c0915ed36ed4bcf2bbb1aba356b2b84432acaa.exe (PID 360), command line: "C:\Users\Admin\AppData\Local\Temp\834ac258559fda69db606ad937c0915ed36ed4bcf2bbb1aba356b2b84432acaa.exe"
- C:\Windows\SysWOW64\DllHost.exe (PID 1508), command line: C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
  - Suspicious use of FindShellTrayWindow
Network
MITRE ATT&CK Enterprise v6
Downloads
- Filesize: 650KB
- MD5: ddb6366ea1a4056ec25ffedb6fce4d2e
- SHA1: 213e6437cb8519775ff984080aa63271cb8ac170
- SHA256: bc49875eaab01256f6428911713f6f0b334f3cd63014318f8323b32a41ede250
- SHA512: 94fba6c468bd50cc760ece0a7796ecdda59945169e86ea3731aa49428c208f895973e27900733a1baa448cc2e482746befc2e4208fe79a946ed7f633d1d284c7