7c6fb489c18e04d339855276c572d0f6761d8e0fed14157cf09f65c0c0c8bd09

Analysis

max time kernel
87s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
01/04/2023, 19:10

Target

7c6fb489c18e04d339855276c572d0f6761d8e0fed14157cf09f65c0c0c8bd09.exe
Size

4.0MB
MD5

3937892a54da02823e1c74083ab10790
SHA1

0d2d4135a569004b4ac80a6946081224c3b13f09
SHA256

7c6fb489c18e04d339855276c572d0f6761d8e0fed14157cf09f65c0c0c8bd09
SHA512

effc050dde26fb27b29fa7a35df7f9739ec7ef09e9bf0875cb7e85d4cd551f363f344852344e91362dd29e481f4a8ee2b96d3636361f92e348a1a18b2b34c65f
SSDEEP

98304:9YUvdybd+Mbfvg+uB3aDvKLLjQtkKbjBM1YSUAkrtoDFl7MR10:q8dydvg++azIjUcYSgW00

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	856	7c6fb489c18e04d339855276c572d0f6761d8e0fed14157cf09f65c0c0c8bd09.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
856	7c6fb489c18e04d339855276c572d0f6761d8e0fed14157cf09f65c0c0c8bd09.exe

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/856-133-0x0000000000400000-0x0000000000898000-memory.dmp

Filesize
4.6MB

Download
memory/856-135-0x0000000000400000-0x0000000000898000-memory.dmp

Filesize
4.6MB

Download
memory/856-136-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/856-137-0x0000000000400000-0x0000000000898000-memory.dmp

Filesize
4.6MB

Download