4d71bbe32ad8828d3ed66fb0ea352086181390391bab0960298fad620b61eee7 | Triage

Submit
Reports

Overview

overview

Static

static

b305d95fa8...e0.exe

windows7_x64

b305d95fa8...e0.exe

windows10_x64

3

Analysis

max time kernel
98s
max time network
101s
platform
windows10_x64
resource
win10v20201028
submitted
22-03-2021 20:14

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

b305d95fa833495eca1fa9ab824a25e0.exe

Resource

win7v20201028

modiloader bootkit persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

b305d95fa833495eca1fa9ab824a25e0.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

b305d95fa833495eca1fa9ab824a25e0.exe
Size

5.2MB
MD5

b305d95fa833495eca1fa9ab824a25e0
SHA1

18a87991e98013678713cf231f37787ab0c87512
SHA256

4d71bbe32ad8828d3ed66fb0ea352086181390391bab0960298fad620b61eee7
SHA512

51ac574dd06ae8d267f400005b1c698fd2c3f1a50dc27afcc554bf7e836046f0fea6808f8e4cc4ebc827530bdbe6bc3cd949c27672e7770070e3aafdaa42110f

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Processes

C:\Users\Admin\AppData\Local\Temp\b305d95fa833495eca1fa9ab824a25e0.exe
"C:\Users\Admin\AppData\Local\Temp\b305d95fa833495eca1fa9ab824a25e0.exe"
1⤵
PID:648

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/648-2-0x0000000140000000-0x0000000140073000-memory.dmp

Filesize
460KB

Download

© 2018-2024

Terms | Privacy