22160bff37828b82230aefd166033aad94ba11087c2bcabe744c14304b98724c | Triage

Submit
Reports

Overview

overview

Static

static

17d00ffe00...84.exe

windows7_x64

3

17d00ffe00...84.exe

windows10_x64

Analysis

max time kernel
150s
max time network
179s
platform
windows7_x64
resource
win7-en-20210920
submitted
17-10-2021 20:35

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

17d00ffe0063ec458371dac451603184.exe

Resource

win7-en-20210920

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

17d00ffe0063ec458371dac451603184.exe

Resource

win10-en-20211014

windows10_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

17d00ffe0063ec458371dac451603184.exe
Size

96KB
MD5

17d00ffe0063ec458371dac451603184
SHA1

b0b4d2802cd1c42e8e50f37e2bd03b457fd6b9b6
SHA256

22160bff37828b82230aefd166033aad94ba11087c2bcabe744c14304b98724c
SHA512

7f6b90e03427635c9ee72c4e4c3a90d19c123950391e24ea5f4f232ffb93507055e6269c0998c0a2760e16b341a034d5f949f9d70c7187b5b97624b748308aa1

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Processes

C:\Users\Admin\AppData\Local\Temp\17d00ffe0063ec458371dac451603184.exe
"C:\Users\Admin\AppData\Local\Temp\17d00ffe0063ec458371dac451603184.exe"
1⤵
PID:1772

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1772-53-0x0000000075331000-0x0000000075333000-memory.dmp

Filesize
8KB

Download

© 2018-2024

Terms | Privacy