2abe27e4ab27c4480c83510b03a5395d3f7ccb73aacf2ec8df4b9230edf5a914 | Triage

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-09-2022 02:12

Sharing

Report Analysis Logs

General

Target

2abe27e4ab27c4480c83510b03a5395d3f7ccb73aacf2ec8df4b9230edf5a914.exe
Size

668KB
MD5

71b7fcff89af9c038024d8e216f969b4
SHA1

c8b985ed697b31b4d869ec657153ba7ebd00a285
SHA256

2abe27e4ab27c4480c83510b03a5395d3f7ccb73aacf2ec8df4b9230edf5a914
SHA512

3ffa070ace50840b39ab018f342c2f661e35fd67be7ca2476a51cea9598f6ac89dded2378cdb827d0a6c9041a80b5203fc6e7e00c5a1e2f86e79a6dbc346555a
SSDEEP

12288:QmkOydJf4GSYsr2NNioGxPu7HfLia1wnFheXSwVQOAdaf1UnQ8sHWScISPu/n:QfOydJf4hYsr2NNVGxImLnFudQD21UnK

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\2abe27e4ab27c4480c83510b03a5395d3f7ccb73aacf2ec8df4b9230edf5a914.exe
"C:\Users\Admin\AppData\Local\Temp\2abe27e4ab27c4480c83510b03a5395d3f7ccb73aacf2ec8df4b9230edf5a914.exe"
1⤵
PID:1280

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1280-54-0x0000000075811000-0x0000000075813000-memory.dmp

Filesize
8KB

Download