17b89ba7c081a5b8dcab3228f3bfc6b44b152c5121848ad586cfa1c988b3f0b2 | Triage

Analysis

max time kernel
6s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 04:40

Sharing

Report Analysis Logs

General

Target

17b89ba7c081a5b8dcab3228f3bfc6b44b152c5121848ad586cfa1c988b3f0b2.exe
Size

118KB
MD5

301e40876d9da7510ccf0e80658e0a7a
SHA1

73bd6d1c0d896a568049f810cd7a3b90fb95035c
SHA256

17b89ba7c081a5b8dcab3228f3bfc6b44b152c5121848ad586cfa1c988b3f0b2
SHA512

f091d32f05072f1b5b22047a5fee19f2cd3f80aacc9a3bfad0761eb64582f42a2c809407449c78327956cb44756e409aca0df6519056a0d6925dea3b7cc0eefb
SSDEEP

3072:ILk395hYXJCpYv56jA2y2jv9hc/l/R6wrbdp1M:IQqTIy8v9hel/cwrbv1M

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\17b89ba7c081a5b8dcab3228f3bfc6b44b152c5121848ad586cfa1c988b3f0b2.exe
"C:\Users\Admin\AppData\Local\Temp\17b89ba7c081a5b8dcab3228f3bfc6b44b152c5121848ad586cfa1c988b3f0b2.exe"
1⤵
PID:1632

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1632-54-0x0000000075071000-0x0000000075073000-memory.dmp

Filesize
8KB

Download