e42d1655cf256fb3d144d5eb4d7264e5caf50c2379f76859dcee1dc06233f42f

Analysis

max time kernel
57s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
08/03/2023, 10:25 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c53b530f6eb1312895a0818ca0bac5e28acffc04521284bf4d1168902fa3395.exe
Size

1.0MB
MD5

21f7fd1bf4759b63e04892f4ecbdf0e4
SHA1

b49914222bd11ca626dd247f350b549d7d78692a
SHA256

6c53b530f6eb1312895a0818ca0bac5e28acffc04521284bf4d1168902fa3395
SHA512

896be3dcda05f92108369355b9733af108377cf765febfcb106641d4a4ac81b95e6cd2af1beb8548bde2fac8d2baa9e65a97967a01238b1124fa0a8ee0ce59e9
SSDEEP

12288:eDX3gBVmNUfqBe4EAsUVxFSsWN2HWFYHg6vpV8aSvkCRbuWlTXQPZIHF/EFH:c+YNUfqBpEAsU4sW28YAwt4SBPZn

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1744	6c53b530f6eb1312895a0818ca0bac5e28acffc04521284bf4d1168902fa3395.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1744	6c53b530f6eb1312895a0818ca0bac5e28acffc04521284bf4d1168902fa3395.exe

C:\Users\Admin\AppData\Local\Temp\6c53b530f6eb1312895a0818ca0bac5e28acffc04521284bf4d1168902fa3395.exe
"C:\Users\Admin\AppData\Local\Temp\6c53b530f6eb1312895a0818ca0bac5e28acffc04521284bf4d1168902fa3395.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1744

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1744-54-0x00000000000A0000-0x00000000001AA000-memory.dmp

Filesize
1.0MB

Download
memory/1744-55-0x0000000004300000-0x0000000004340000-memory.dmp

Filesize
256KB

Download
memory/1744-56-0x0000000000A60000-0x0000000000A76000-memory.dmp

Filesize
88KB

Download
memory/1744-57-0x0000000004300000-0x0000000004340000-memory.dmp

Filesize
256KB

Download
memory/1744-58-0x0000000001FC0000-0x0000000001FCC000-memory.dmp

Filesize
48KB

Download
memory/1744-59-0x0000000007E30000-0x0000000007EDA000-memory.dmp

Filesize
680KB

Download