77b58fd7ba2b0ceae0122271fb8102a1195c30abd1b3875d9c5bfc3912274411

Analysis

max time kernel
285s
max time network
397s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 14:38

Target

77b58fd7ba2b0ceae0122271fb8102a1195c30abd1b3875d9c5bfc3912274411.exe
Size

632KB
MD5

27c9e7bd8c7754c2c31f8806d93ebdd2
SHA1

2de9282ccb854d94805c34a4f9ae88f9626b0d2d
SHA256

77b58fd7ba2b0ceae0122271fb8102a1195c30abd1b3875d9c5bfc3912274411
SHA512

351aaf6df3c98eb4f57933672887b1555e361298883900a1b835c910a84bb3e236860b11e44eb865c5bbfb1ec406cd91745d3b91ce076d5b2fe4bfc3aaf5b306
SSDEEP

12288:1uudoYcGL//JWM01Vfby4QQvRO4mqPeQ9HXD4AQfKF+cl19IB0JG9dYV:1ueoYT/hmflRBmqPeQ93D4AQ6X2B2

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
684	77b58fd7ba2b0ceae0122271fb8102a1195c30abd1b3875d9c5bfc3912274411.exe

C:\Users\Admin\AppData\Local\Temp\77b58fd7ba2b0ceae0122271fb8102a1195c30abd1b3875d9c5bfc3912274411.exe
"C:\Users\Admin\AppData\Local\Temp\77b58fd7ba2b0ceae0122271fb8102a1195c30abd1b3875d9c5bfc3912274411.exe"
1⤵
- Suspicious use of FindShellTrayWindow
PID:684

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/684-54-0x0000000075D11000-0x0000000075D13000-memory.dmp

Filesize
8KB

Download
memory/684-55-0x0000000074491000-0x0000000074493000-memory.dmp

Filesize
8KB

Download