926e2ebda4b6fdb4a024d15e5a3a46e7501221df8162718059eccbe830c884ce | Triage

Analysis

max time kernel
139s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2022, 19:51

Sharing

Report Analysis Logs

General

Target

2b4398cb43a931713ce69a95d1157485.exe
Size

456KB
MD5

2b4398cb43a931713ce69a95d1157485
SHA1

0abd2a458f6dc386995184ecf34a492f71c08768
SHA256

926e2ebda4b6fdb4a024d15e5a3a46e7501221df8162718059eccbe830c884ce
SHA512

14aec2347fa3acee48116a2ffc2fc4c33f7444c477a03fc44e20b252d3969904c68db33cf28bb13c99523a5147772dac3ff7158c446263e85f3593097bc128af
SSDEEP

12288:zGpbQKxDQ4la9cMFhxzilZA1HDSLcY+xz:zdKJXpMpilyHxz

Score

7^/10

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2b4398cb43a931713ce69a95d1157485.lnk	2b4398cb43a931713ce69a95d1157485.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\2b4398cb43a931713ce69a95d1157485.exe
"C:\Users\Admin\AppData\Local\Temp\2b4398cb43a931713ce69a95d1157485.exe"
1⤵
- Drops startup file
PID:2640

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2640-132-0x0000000001DA0000-0x0000000001DCC000-memory.dmp

Filesize
176KB

Download