56a3b1c671d72a761e1d657134e8ec5b20763c9b8ee9d7fa4e517394509d2e7f

Analysis

max time kernel
34s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05-12-2022 14:54

Target

56a3b1c671d72a761e1d657134e8ec5b20763c9b8ee9d7fa4e517394509d2e7f.exe
Size

562KB
MD5

eebb01220616c7004ec83d415ecd017a
SHA1

f6c91cdcc563db6e2d157c12253e5e7d73feaa49
SHA256

56a3b1c671d72a761e1d657134e8ec5b20763c9b8ee9d7fa4e517394509d2e7f
SHA512

f2c19076eba50379f3a0bdc6c9c9a0be6dee015e801af1057eacee84fc32358af398cb8282f1a3bf2b19b9a3a18387bce61eb349330006992509163d11240c81
SSDEEP

12288:TCK+qK4QIUJ6ItO49LpwEBXu+OKex+VwKDPFIihoGqz765OMFas:TChqKgU79usbkx+VNJhofz765hz

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1708	56a3b1c671d72a761e1d657134e8ec5b20763c9b8ee9d7fa4e517394509d2e7f.exe

C:\Users\Admin\AppData\Local\Temp\56a3b1c671d72a761e1d657134e8ec5b20763c9b8ee9d7fa4e517394509d2e7f.exe
"C:\Users\Admin\AppData\Local\Temp\56a3b1c671d72a761e1d657134e8ec5b20763c9b8ee9d7fa4e517394509d2e7f.exe"
1⤵
- Suspicious use of FindShellTrayWindow
PID:1708

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1708-54-0x0000000075451000-0x0000000075453000-memory.dmp

Filesize
8KB

Download
memory/1708-55-0x0000000074631000-0x0000000074633000-memory.dmp

Filesize
8KB

Download