373701ff7f7c7d49e6af3ebb5178e907a59464c20c81052c67bd5d86168d817e | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/09/2022, 10:42

Sharing

Report Analysis Logs

General

Target

kom.exe
Size

219KB
MD5

72d102a163f41aceb6a3aae9154445ed
SHA1

1a65685e52f6269a2370e44d5a2dca82ac892795
SHA256

373701ff7f7c7d49e6af3ebb5178e907a59464c20c81052c67bd5d86168d817e
SHA512

1c4bea8fa1513c3ef65df1196d4fb4d6fc7b49d3c6ae031e58bd91f52eeedf6fc617b071788f0ce62110ecc6e5f779f1215b52355aac1621a46707c5e27ebe8f
SSDEEP

6144:P3hqLCa8aAYFHHHHHHHHHHv8BVBb9aAqQwSBjfaRYVHlxxSXp5K:P3zCFHHHHHHHHHHvCBb9ZqEjfuYVdSXK

Score

6^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\kom.exe
"C:\Users\Admin\AppData\Local\Temp\kom.exe"
1⤵
PID:1100

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1100-54-0x00000000763F1000-0x00000000763F3000-memory.dmp

Filesize
8KB

Download