87db615dc1fa25c0ec65230dde81e5a9b476dab4201a7f641662524815abaf48

Analysis

max time kernel
130s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
02/03/2023, 22:03

Target

87db615dc1fa25c0ec65230dde81e5a9b476dab4201a7f641662524815abaf48.exe
Size

10.6MB
MD5

ecda5d88bc21f895699e26695fab78a9
SHA1

8b8480ec6fed445492db7c610e6c1c37c27e3eac
SHA256

87db615dc1fa25c0ec65230dde81e5a9b476dab4201a7f641662524815abaf48
SHA512

42821b284c70b926cec84a38beea97bf73cc239418f89150e254451aa0c18de985857adc284068cb34ca43d24b54416b66af937c3d9088f17e95e5212f167627
SSDEEP

196608:Q3ZHbv3TqrccJ+MkpilwNRMW/tD8F4uCh0yNkHtRO8db/K2KMA0xaUI5:GHvlcJ+MkMlwRMW/t4F4b0iUTB5Aoa5

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2036	87db615dc1fa25c0ec65230dde81e5a9b476dab4201a7f641662524815abaf48.exe

C:\Users\Admin\AppData\Local\Temp\87db615dc1fa25c0ec65230dde81e5a9b476dab4201a7f641662524815abaf48.exe
"C:\Users\Admin\AppData\Local\Temp\87db615dc1fa25c0ec65230dde81e5a9b476dab4201a7f641662524815abaf48.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:2036

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact