01371c9319c9faea294953d4b316c30617aaaf34de1282e1bba54d7383b5807c | Triage

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-09-2022 04:50

Sharing

Report Analysis Logs

General

Target

01371c9319c9faea294953d4b316c30617aaaf34de1282e1bba54d7383b5807c.exe
Size

74KB
MD5

00e3d921a59beb9ebb12d65df6adffa9
SHA1

93e94c36ebcd4d41e6d92f7ce7c89e815dd0893a
SHA256

01371c9319c9faea294953d4b316c30617aaaf34de1282e1bba54d7383b5807c
SHA512

d6554829422654dbbab2659b224774e5b88fe3bb6e472ec61ee320565d9b2ad58cfa72dec36f57afde605a675092f65dbfa3c440cab6ba4e19c4df70d67770df
SSDEEP

1536:BHFSfARDSW0HefHbmJ2l+6Tr64ixKDHB9qmNIP3sbpYl:BlTSr+vbmJQakBkF3so

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\01371c9319c9faea294953d4b316c30617aaaf34de1282e1bba54d7383b5807c.exe
"C:\Users\Admin\AppData\Local\Temp\01371c9319c9faea294953d4b316c30617aaaf34de1282e1bba54d7383b5807c.exe"
1⤵
PID:1728

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1728-54-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download