38b4620c91b6089aefc5dabd891051336ee2480bb0d2926b7092f2b5f6f7f16d | Triage

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 12:37

Sharing

Report Analysis Logs

General

Target

38b4620c91b6089aefc5dabd891051336ee2480bb0d2926b7092f2b5f6f7f16d.exe
Size

111KB
MD5

5e56a68bac4f8cb2cc2ee317d7537c26
SHA1

bb9fe588fa327d82f2f06b5ce8c3c670d9792880
SHA256

38b4620c91b6089aefc5dabd891051336ee2480bb0d2926b7092f2b5f6f7f16d
SHA512

2d7b5c70eab0e799bb598e2acf6d4978848ea60b89d6e64cc3ae1d381151a5e1cf48d30f2b31ed461112057b298d7a1d5b0c13043800c568423b8c45832c8caf
SSDEEP

3072:aLk395hYXJ5eVcteLw55zkjTaMFZkyfhcWC7+NMNJE:aQqPRteL+kaMFqyfKHKNiW

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\38b4620c91b6089aefc5dabd891051336ee2480bb0d2926b7092f2b5f6f7f16d.exe
"C:\Users\Admin\AppData\Local\Temp\38b4620c91b6089aefc5dabd891051336ee2480bb0d2926b7092f2b5f6f7f16d.exe"
1⤵
PID:1788

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1788-54-0x0000000076201000-0x0000000076203000-memory.dmp

Filesize
8KB

Download