e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3

Analysis

max time kernel
151s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27-02-2024 18:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
Size

205KB
MD5

7e32ecc8c8dbd2c9cf7b516c6e5ba0f5
SHA1

2730d4f05c06feadd41adade659eca234efd23d1
SHA256

e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3
SHA512

683e4a24f4053508f54283f361397417e844f58b1546c28b3bf7689c08c81e0285d27aa6f1399855abf750bb1ebef8138d4de01ddf5233e3af0a6fd642737f80
SSDEEP

3072:JPgv1uTga8za7/aApO6fCR6kMgNjTX8jI8VD/dJJO04aN5uvvmRE7xIxT62Br09c:xKZTMPVDdzR1N5sAxBN9UDRWRd

Score

9^/10

ransomware

Malware Config

Signatures

Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware

File Deletion
T1070.004

Inhibit System Recovery
T1490
Renames multiple (4588) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened (read-only)	\??\D:	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MedTile.scale-150_contrast-black.png	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-48_altform-lightunplated.png	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-convert-l1-1-0.dll	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-80.png	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CASHREG.WAV	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Audio\Skype_Dtmf_0.m4a	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ppd.xrm-ms	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.scale-400.png	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\Folder.png	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.targetsize-64.png	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-time-l1-1-0.dll	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vreg\osmux.x-none.msi.16.x-none.vreg.dat.EMAIL=[[email protected]]ID=[1730E6121CD87855].elibe	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\FILE ENCRYPTED.txt	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\WindowsFormsIntegration.dll	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupMedTile.scale-400.png	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailBadge.scale-100.png	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubMedTile.scale-200.png	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8EN.DLL	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac.EMAIL=[[email protected]]ID=[1730E6121CD87855].elibe	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-pl.xrm-ms.EMAIL=[[email protected]]ID=[1730E6121CD87855].elibe	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-pl.xrm-ms.EMAIL=[[email protected]]ID=[1730E6121CD87855].elibe	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-16.png	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File created	C:\Program Files\VideoLAN\VLC\locale\my\FILE ENCRYPTED.txt	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul-oob.xrm-ms.EMAIL=[[email protected]]ID=[1730E6121CD87855].elibe	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_fi.dll	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.SecureString.dll	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Globalization.dll.EMAIL=[[email protected]]ID=[1730E6121CD87855].elibe	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.Design.dll	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\VPREVIEW.EXE.EMAIL=[[email protected]]ID=[1730E6121CD87855].elibe	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-400.png	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\Ole DB\msdaorar.dll	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-pl.xrm-ms	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ppd.xrm-ms.EMAIL=[[email protected]]ID=[1730E6121CD87855].elibe	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_targetsize-40.png	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\offsymb.ttf	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files (x86)\Windows Photo Viewer\fr-FR\PhotoAcq.dll.mui	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_ca.dll	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-125_contrast-black.png	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Security.Principal.dll	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\AudienceNetwork.winmd	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll.EMAIL=[[email protected]]ID=[1730E6121CD87855].elibe	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\kinit.exe	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\OUTLFLTR.DLL.EMAIL=[[email protected]]ID=[1730E6121CD87855].elibe	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.TraceSource.dll.EMAIL=[[email protected]]ID=[1730E6121CD87855].elibe	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\Classic\Spider.Large.png	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\VVIEWER.DLL.EMAIL=[[email protected]]ID=[1730E6121CD87855].elibe	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\netstandard.dll.EMAIL=[[email protected]]ID=[1730E6121CD87855].elibe	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\FileIcons\FileLogoExtensions.targetsize-16.png	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxSignature.p7x	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxManifest.xml	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.XPath.XDocument.dll.EMAIL=[[email protected]]ID=[1730E6121CD87855].elibe	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_duplicate_plugin.dll.EMAIL=[[email protected]]ID=[1730E6121CD87855].elibe	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\resources\strings\LocalizedStrings_th.json	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyShare-Dark.scale-400.png	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Dial\Tolerance.png	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.AccessControl.dll	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_TW\FILE ENCRYPTED.txt	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Serialization.Formatters.dll	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10.mp4	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-pl.xrm-ms.EMAIL=[[email protected]]ID=[1730E6121CD87855].elibe	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ppd.xrm-ms.EMAIL=[[email protected]]ID=[1730E6121CD87855].elibe	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-timezone-l1-1-0.dll	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Interacts with shadow copies 2 TTPs 1 IoCs

Shadow copies are often targeted by ransomware to inhibit system recovery.

ransomware

File Deletion

T1070.004

Inhibit System Recovery

T1490

pid	Process
912	vssadmin.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2708	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
2708	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
2708	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
2708	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
2708	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
2708	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
2708	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
2708	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
2708	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
2708	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
2708	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
2708	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeBackupPrivilege	4780	vssvc.exe
Token: SeRestorePrivilege	4780	vssvc.exe
Token: SeAuditPrivilege	4780	vssvc.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 4944	2708	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe	90
PID 2708 wrote to memory of 4944	2708	e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe	90
PID 4944 wrote to memory of 912	4944	cmd.exe	92
PID 4944 wrote to memory of 912	4944	cmd.exe	92

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe
"C:\Users\Admin\AppData\Local\Temp\e30022d7e001f1c70299bf7cc788b199b895b0148d1153850aef16c38d5ea5e3.exe"
1⤵
- Checks computer location settings
- Enumerates connected drives
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4944
- - C:\Windows\system32\vssadmin.exe
    vssadmin.exe delete shadows /all /quiet
    3⤵
    - Interacts with shadow copies
    PID:912

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4780

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
PID:4944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\FILE ENCRYPTED.txt

Filesize
334B

MD5
e4f855abc55b2bf304a66216e13c5ad8

SHA1
d72d90394f74a14a6cb27814a45575a322462fce

SHA256
e75a145c45cb21c0fa7df0b323b80a49e9e4cf4fe3901461fe521aa52e5ea87c

SHA512
85ff88a7a2a7a1d35c873e04084964b5ab74784144dfaca4c57b929ceddb8c6ecda5996877d95658544788b76d0dd98c218361c8884801672d93f81f6db087f8

Download Submit