f1bbcc5c678d174d858ae089f4494e3ea8bcfc418098d61804a15e437f08aff7 | Triage

Resubmissions

24-08-2023 11:16

230824-nda8msdf8z 10

05-08-2023 22:52

230805-2tn2bsfa82 10

24-07-2023 06:25

230724-g6s6laag35 10

22-07-2023 15:57

230722-tee6wabg5w 10

20-07-2023 23:19

230720-3bb5gsbf5v 10

20-07-2023 23:06

230720-23f23sba63 10

03-02-2021 11:43

210203-6bgge2nfan 10

22-11-2020 06:42

201122-6x1at779dj 10

Analysis

max time kernel
304s
max time network
322s
platform
windows10_x64
resource
win10v20201028
submitted
03-02-2021 11:43

Sharing

Report Analysis Logs

General

Target

Endermanch@NavaShield(1).exe
Size

9.7MB
MD5

1f13396fa59d38ebe76ccc587ccb11bb
SHA1

867adb3076c0d335b9bfa64594ef37a7e2c951ff
SHA256

83ecb875f87150a88f4c3d496eb3cb5388cd8bafdff4879884ececdbd1896e1d
SHA512

82ca2c781bdaa6980f365d1eedb0af5ac5a80842f6edc28a23a5b9ea7b6feec5cd37d54bd08d9281c9ca534ed0047e1e234873b06c7d2b6fe23a7b88a4394fdc

Score

5^/10

ransomware

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
ransomware

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\Endermanch@NavaShield(1).exe
"C:\Users\Admin\AppData\Local\Temp\Endermanch@NavaShield(1).exe"
1⤵
PID:4772

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...