21a059eab0a7d94154683c26e21ccb86f0c561ded675488f3edd75a8fd2f3383 | Triage

Analysis

max time kernel
36s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-09-2022 05:50

Sharing

Report Analysis Logs

General

Target

21a059eab0a7d94154683c26e21ccb86f0c561ded675488f3edd75a8fd2f3383.exe
Size

2.8MB
MD5

1b89728e0a3833939ec61ab17d60be70
SHA1

fc976d6d790efefba0769d8499411ecc19e876f5
SHA256

21a059eab0a7d94154683c26e21ccb86f0c561ded675488f3edd75a8fd2f3383
SHA512

52a147948900399050f0ff32a08e2c40f9a9025bab160010a3cb81bdc350058f9d9b7ff4a85f5001954a0835ebc086ef482e3eb9ec8f879762058c3abf6791b5
SSDEEP

49152:V/YtLPBpMnwk2lqBwZQ8WOMKOtEVqBT3Db6c0ORk5nwQDZPnrmv1B3LgVWLIab3v:dYtXMVAqBwHMm2icXRCnw8ZDIb6K

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\21a059eab0a7d94154683c26e21ccb86f0c561ded675488f3edd75a8fd2f3383.exe
"C:\Users\Admin\AppData\Local\Temp\21a059eab0a7d94154683c26e21ccb86f0c561ded675488f3edd75a8fd2f3383.exe"
1⤵
PID:980

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/980-54-0x0000000075811000-0x0000000075813000-memory.dmp

Filesize
8KB

Download