90f947f2ea9c0f9bb755bc7801b295fae16a6ed72416f00010aeb724e60ef42b

Analysis

max time kernel
11s
max time network
13s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
08/02/2023, 15:21

Target

90f947f2ea9c0f9bb755bc7801b295fae16a6ed72416f00010aeb724e60ef42b.one
Size

128KB
MD5

b0fc502449180f0c1af41c0506e9042c
SHA1

bc6b80b6af6c3ef9584aaa91d880cc9b5f9a43ef
SHA256

90f947f2ea9c0f9bb755bc7801b295fae16a6ed72416f00010aeb724e60ef42b
SHA512

e11267f43876bf87c267ce0907a344b946586cd00c871cc3e40ec0105c11a6038c44a459f8f02a0db3e176f3fd8ab59752d4a2b233fc3150a3ca4718b5f2e1d6
SSDEEP

1536:90OjciqwpusMOnrRKWDehU6BpAn9ARWrRFa4TlWN:90OgiJcsR9hyhU6U9ARWrRFa4xWN

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 19 IoCs

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\90f947f2ea9c0f9bb755bc7801b295fae16a6ed72416f00010aeb724e60ef42b.one
1⤵
- Modifies registry class
PID:3520

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact