59d197fa2c3099fb29e1e41c1cf081a9951a87ae29d1beaf09a4a02f89c7a875

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 14:52

Target

59d197fa2c3099fb29e1e41c1cf081a9951a87ae29d1beaf09a4a02f89c7a875.exe
Size

562KB
MD5

182e42092c55e4cd4f1eb08c9f5759f2
SHA1

be2d8a845ad811348385acc079c42c29a812daea
SHA256

59d197fa2c3099fb29e1e41c1cf081a9951a87ae29d1beaf09a4a02f89c7a875
SHA512

912d4fda3922403a1e263820ce6c359e021b42197faea3e0ffa77fe8b28d23c1d3ce3e341fd74aa8159f400241d5def941002062af1ba1397008f197accad8bc
SSDEEP

12288:zCK+qK4QIUJ6ItO49LpwEBXu+OKex+VwKDPFIihoGqz765OMFw:zChqKgU79usbkx+VNJhofz765h+

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4612	59d197fa2c3099fb29e1e41c1cf081a9951a87ae29d1beaf09a4a02f89c7a875.exe

C:\Users\Admin\AppData\Local\Temp\59d197fa2c3099fb29e1e41c1cf081a9951a87ae29d1beaf09a4a02f89c7a875.exe
"C:\Users\Admin\AppData\Local\Temp\59d197fa2c3099fb29e1e41c1cf081a9951a87ae29d1beaf09a4a02f89c7a875.exe"
1⤵
- Suspicious use of FindShellTrayWindow
PID:4612

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact