13add5fa2b81c97862ea5002568442252dd0fbd4159228ed48b41704b4288b51 | Triage

Submit
Reports

Overview

overview

Static

static

13add5fa2b...51.exe

windows7_x64

13add5fa2b...51.exe

windows10-2004_x64

3

Analysis

max time kernel
140s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
03-05-2022 19:20

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

13add5fa2b81c97862ea5002568442252dd0fbd4159228ed48b41704b4288b51.exe

Resource

win7-20220414-en

poullight spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

13add5fa2b81c97862ea5002568442252dd0fbd4159228ed48b41704b4288b51.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

13add5fa2b81c97862ea5002568442252dd0fbd4159228ed48b41704b4288b51.exe
Size

9.8MB
MD5

cb51ae996b700ee7bdea174e68be0d1f
SHA1

51b4827138e91bbc786e18c2cf8359fce208f23e
SHA256

13add5fa2b81c97862ea5002568442252dd0fbd4159228ed48b41704b4288b51
SHA512

4ecaab37da9352c9264b68cd0b9ca0392b6ec7cbc1017e703ed139285c5f1ef499f56a64ccc0543fb00769201c406226d2cce4074e56f70d31ee33cd71d0117a

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Processes

C:\Users\Admin\AppData\Local\Temp\13add5fa2b81c97862ea5002568442252dd0fbd4159228ed48b41704b4288b51.exe
"C:\Users\Admin\AppData\Local\Temp\13add5fa2b81c97862ea5002568442252dd0fbd4159228ed48b41704b4288b51.exe"
1⤵
PID:5028

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5028-130-0x00000000067C0000-0x0000000006D64000-memory.dmp

Filesize
5.6MB

Download
memory/5028-131-0x0000000007000000-0x0000000007092000-memory.dmp

Filesize
584KB

Download
memory/5028-132-0x0000000007120000-0x000000000712A000-memory.dmp

Filesize
40KB

Download

© 2018-2024

Terms | Privacy