747aa76b079401a0356936103c61664993c37509f8e2f8b03f0a4f8512ab03f3

Analysis

max time kernel
137s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 14:39

Target

747aa76b079401a0356936103c61664993c37509f8e2f8b03f0a4f8512ab03f3.exe
Size

564KB
MD5

7a19c318d5848a4b3b3ce29ba614df46
SHA1

e0f3611950f0fa26f12ab595b91eecf299a9a3ff
SHA256

747aa76b079401a0356936103c61664993c37509f8e2f8b03f0a4f8512ab03f3
SHA512

31e43d8fe2bf224326b4b0d9ba1af64cd506e5e1b0723d6fa887c68c21befff9d23911d5890ea5354b8a80a8d51faaef8a5a8846dee41aa2aa34b3984ed96361
SSDEEP

12288:3GQlIdQ8lIglrNYlPGAHQlmKgGRPcIxWcOA8:3/IdQ8KglrNYltim/GRJx8A8

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3988	747aa76b079401a0356936103c61664993c37509f8e2f8b03f0a4f8512ab03f3.exe

C:\Users\Admin\AppData\Local\Temp\747aa76b079401a0356936103c61664993c37509f8e2f8b03f0a4f8512ab03f3.exe
"C:\Users\Admin\AppData\Local\Temp\747aa76b079401a0356936103c61664993c37509f8e2f8b03f0a4f8512ab03f3.exe"
1⤵
- Suspicious use of FindShellTrayWindow
PID:3988

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact