502c7793e4f6e5186e4ce075704b901ba053a1f99446feec4f7d16ce450880f3 | Triage

Analysis

max time kernel
136s
max time network
162s
platform
windows10_x64
resource
win10-en-20211208
submitted
30-01-2022 14:57

Sharing

Report Analysis Logs

General

Target

502c7793e4f6e5186e4ce075704b901ba053a1f99446feec4f7d16ce450880f3.exe
Size

9.7MB
MD5

d5dd6a344fbe7d6f83c1765a874be19a
SHA1

621d0a4fd8a40849ef9a36f6403094a452ad38bb
SHA256

502c7793e4f6e5186e4ce075704b901ba053a1f99446feec4f7d16ce450880f3
SHA512

22ac43718c940ff13048f23c122a68a74a6e0d2d6c7c838dcddf95fa88f20cd30d4de5a3d09a6e8584ca4021ab31a6950de05190fd613e2a7033e220eb967893

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\502c7793e4f6e5186e4ce075704b901ba053a1f99446feec4f7d16ce450880f3.exe
"C:\Users\Admin\AppData\Local\Temp\502c7793e4f6e5186e4ce075704b901ba053a1f99446feec4f7d16ce450880f3.exe"
1⤵
PID:1372

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1372-118-0x0000000000580000-0x0000000000F3A000-memory.dmp

Filesize
9.7MB

Download
memory/1372-119-0x0000000005D50000-0x000000000624E000-memory.dmp

Filesize
5.0MB

Download
memory/1372-120-0x00000000058F0000-0x0000000005982000-memory.dmp

Filesize
584KB

Download
memory/1372-121-0x0000000005850000-0x0000000005D4E000-memory.dmp

Filesize
5.0MB

Download
memory/1372-122-0x00000000058B0000-0x00000000058BA000-memory.dmp

Filesize
40KB

Download