7c34b806afb3ae478c837acdecbc0f5709dad6a17620402b6a7b14d9e2428bbb | Triage

Analysis

max time kernel
3s
max time network
8s
platform
windows7_x64
resource
win7v20210410
submitted
15-05-2021 14:41

Sharing

Report Analysis Logs

General

Target

7c34b806afb3ae478c837acdecbc0f5709dad6a17620402b6a7b14d9e2428bbb.exe
Size

1.5MB
MD5

59058b82e0c8ca6d3801f38036119f5b
SHA1

a0face8c6f0d62327ae1d096b0949b5d0bb140fc
SHA256

7c34b806afb3ae478c837acdecbc0f5709dad6a17620402b6a7b14d9e2428bbb
SHA512

ae295166d938586fe378fa864bf06dd1cc3e521c173610b7dcf05146f47ddf30402224b721aa2aa58b236b8b6bdbfd8789a402360e4216a5b4254804915d2153

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1420	7c34b806afb3ae478c837acdecbc0f5709dad6a17620402b6a7b14d9e2428bbb.exe

C:\Users\Admin\AppData\Local\Temp\7c34b806afb3ae478c837acdecbc0f5709dad6a17620402b6a7b14d9e2428bbb.exe
"C:\Users\Admin\AppData\Local\Temp\7c34b806afb3ae478c837acdecbc0f5709dad6a17620402b6a7b14d9e2428bbb.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1420

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1420-60-0x0000000074FB1000-0x0000000074FB3000-memory.dmp

Filesize
8KB

Download