Analysis

  • max time kernel
    92s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05-12-2022 14:42

General

  • Target

    6eb3ca6ee22bbacb8a2bbfe2b4b5b4688c0c791d2c4062a0f1aeca59bf9290c1.exe

  • Size

    562KB

  • MD5

    f0effa3b0cf3a2efa1deb3a82d28e9bd

  • SHA1

    985b04f44802eab24fe0cb4df86212ec9b8fb045

  • SHA256

    6eb3ca6ee22bbacb8a2bbfe2b4b5b4688c0c791d2c4062a0f1aeca59bf9290c1

  • SHA512

    5c7ac41e500b70c9f6be7e39d28a226f9fb364b7fe11e41d932c093d82be723b9b124dd225dd88d151c6aa61fe27359a00d32d258e0fe795ae033be2e01dce50

  • SSDEEP

    12288:jCK+qK4QIUJ6ItO49LpwEBXu+OKex+VwKDPFIihoGqz765OMFi0:jChqKgU79usbkx+VNJhofz765h3

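Before acting on a sandbox report, confirm that the sample you hold is the one that was analysed: recompute the four hashes, compare them with the values above, and check that the submitted filename (which here is the SHA256 followed by .exe) matches the SHA256. The following is an added example written for this page, not code from the sandbox vendor; the reported values are copied from the report, the helper names and the small test buffer are this example's own.

```python
import hashlib
from pathlib import Path

# Hash values copied from the report above (the only values the page supplies).
REPORTED = {
    "md5": "f0effa3b0cf3a2efa1deb3a82d28e9bd",
    "sha1": "985b04f44802eab24fe0cb4df86212ec9b8fb045",
    "sha256": "6eb3ca6ee22bbacb8a2bbfe2b4b5b4688c0c791d2c4062a0f1aeca59bf9290c1",
    "sha512": (
        "5c7ac41e500b70c9f6be7e39d28a226f9fb364b7fe11e41d932c093d82be723b"
        "9b124dd225dd88d151c6aa61fe27359a00d32d258e0fe795ae033be2e01dce50"
    ),
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict[str, str]:
    """Return lowercase hex digests of an in-memory buffer for all four algorithms."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGORITHMS}


def hash_file(path: Path, chunk_size: int = 1 << 20) -> dict[str, str]:
    """Hash a file in chunks so large samples are not read fully into memory."""
    hashers = {algo: hashlib.new(algo) for algo in ALGORITHMS}
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def compare_hashes(actual: dict[str, str], reported: dict[str, str]) -> dict[str, tuple[str, str]]:
    """Return {algorithm: (actual, reported)} for every algorithm that disagrees.

    Comparison is case-insensitive because reports and tools differ in hex casing.
    An empty dict means every reported algorithm matched.
    """
    mismatches = {}
    for algo, expected in reported.items():
        got = actual.get(algo, "")
        if got.lower() != expected.lower():
            mismatches[algo] = (got, expected)
    return mismatches


def filename_matches_sha256(filename: str, sha256: str) -> bool:
    """Sandboxes often name the submitted file after its SHA256; check that convention held."""
    stem = Path(filename).stem
    return len(stem) == 64 and stem.lower() == sha256.lower()


def check_sample(path: Path, reported: dict[str, str] = REPORTED) -> dict[str, tuple[str, str]]:
    """Hash a local sample and report which algorithms disagree with the sandbox report."""
    return compare_hashes(hash_file(path), reported)


if __name__ == "__main__":
    # Constructed demonstration input; the real sample is not available here.
    demo = b"abc"
    digests = hash_bytes(demo)
    print("mismatching algorithms for the demo buffer:", sorted(compare_hashes(digests, REPORTED)))
    print("filename follows SHA256 convention:",
          filename_matches_sha256(REPORTED["sha256"] + ".exe", REPORTED["sha256"]))
```

Run `check_sample(Path("sample.exe"))` against the file you were given; a non-empty result means the report does not describe your sample (a different build, a wrapper, or a corrupted download), and nothing else on the page should be applied to it.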
Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). The sandbox flags this as likely ransomware behaviour, but drive enumeration alone is also performed by installers, backup tools and system utilities; with a score of 3/10, no extracted malware config and no recorded network activity, this run does not corroborate the ransomware hypothesis on its own.

  • Suspicious use of FindShellTrayWindow (1 IoC)

    The process looked up the taskbar window (Shell_TrayWnd). Legitimate GUI applications do this routinely, for example to position tray icons or query the taskbar, so this is a weak indicator unless combined with other behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\6eb3ca6ee22bbacb8a2bbfe2b4b5b4688c0c791d2c4062a0f1aeca59bf9290c1.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\6eb3ca6ee22bbacb8a2bbfe2b4b5b4688c0c791d2c4062a0f1aeca59bf9290c1.exe"
    PID: 4432
    Signatures: Suspicious use of FindShellTrayWindow
    Child processes: none recorded

Network

MITRE ATT&CK Enterprise v6
