17b89ba7c081a5b8dcab3228f3bfc6b44b152c5121848ad586cfa1c988b3f0b2 | Triage

Analysis

max time kernel
92s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2022, 04:40

Sharing

Report Analysis Logs

General

Target

17b89ba7c081a5b8dcab3228f3bfc6b44b152c5121848ad586cfa1c988b3f0b2.exe
Size

118KB
MD5

301e40876d9da7510ccf0e80658e0a7a
SHA1

73bd6d1c0d896a568049f810cd7a3b90fb95035c
SHA256

17b89ba7c081a5b8dcab3228f3bfc6b44b152c5121848ad586cfa1c988b3f0b2
SHA512

f091d32f05072f1b5b22047a5fee19f2cd3f80aacc9a3bfad0761eb64582f42a2c809407449c78327956cb44756e409aca0df6519056a0d6925dea3b7cc0eefb
SSDEEP

3072:ILk395hYXJCpYv56jA2y2jv9hc/l/R6wrbdp1M:IQqTIy8v9hel/cwrbv1M

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\17b89ba7c081a5b8dcab3228f3bfc6b44b152c5121848ad586cfa1c988b3f0b2.exe
"C:\Users\Admin\AppData\Local\Temp\17b89ba7c081a5b8dcab3228f3bfc6b44b152c5121848ad586cfa1c988b3f0b2.exe"
1⤵
PID:4932

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads