d488301ae8e5ee7418dd2fbc715cc32edd5e4804b66cb002bf7e0dd07ebd5e23 | Triage

Analysis

max time kernel
120s
max time network
124s
platform
windows10_x64
resource
win10-en-20211104
submitted
26/11/2021, 21:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

RESERVA.EXE
Size

821KB
MD5

58d595fc3b8236c9248bc7ffb47c087b
SHA1

0c4712b2b3574b91206644ee789c634f21c2c1ae
SHA256

23f8b1d50ded4e893bf789f5e795aa889a6364f525927f49f607cac93ce3a683
SHA512

a3685a5f6f5ed5d24604f0ce06c54047e8869ad61768ffbb74a2b07695cec7746564f1869db254d9d14750c5098d74f5093f96c209362bab66c70e0df791a9e1

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\RESERVA.EXE
"C:\Users\Admin\AppData\Local\Temp\RESERVA.EXE"
1⤵
PID:1840

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads