Analysis

  • max time kernel
    6s
  • max time network
    8s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-03-2023 15:09

General

  • Target

    ba9dc2820ff412f06ca986dd03af1880d5a60f41.exe

  • Size

    3.9MB

  • MD5

    40256ea622aa1d0678f5bde48b9aa0fb

  • SHA1

    ba9dc2820ff412f06ca986dd03af1880d5a60f41

  • SHA256

    c3a3c6015ffc1bc98b5a21f89e78049900e5796e67e098bead011a20a99e7b0d

  • SHA512

    04f9be55aeb88ff4f11b786f10e1bbcfa5cc1cf0b54f56d2d68fe067b0ada592f6aac93148cfbfe23916bbbe581669befebc4e95630f8c3e76303bc8e69ff450

  • SSDEEP

    6144:DYh6ApoWrujS9yeoh6VVK7xvYTMxgUHgufnKiXybpsb:0h6ApVruja5oh2K755KUH5nNXylS

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 40 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ba9dc2820ff412f06ca986dd03af1880d5a60f41.exe
    "C:\Users\Admin\AppData\Local\Temp\ba9dc2820ff412f06ca986dd03af1880d5a60f41.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:3116
    • C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe
      "C:\Users\Admin\AppData\Local\Temp\ba9dc2820ff412f06ca986dd03af1880d5a60f41.exe"
      2⤵
        PID:1240
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}
      1⤵
        PID:1800

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3116-133-0x00000000025C0000-0x000000000263B000-memory.dmp

        Filesize

        492KB