41a3f735a0918ee7a9d1ceeb967286d76c09734140251e766bac0021c75520f3 | Triage

Analysis

max time kernel
23s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 15:09

Sharing

Report Analysis Logs

General

Target

41a3f735a0918ee7a9d1ceeb967286d76c09734140251e766bac0021c75520f3.exe
Size

2.6MB
MD5

e7337164b45a27045dbb31ce3013ad3e
SHA1

c7f661dd1b5feb542220af80a6c21cad484baec9
SHA256

41a3f735a0918ee7a9d1ceeb967286d76c09734140251e766bac0021c75520f3
SHA512

b5dcdd0741249d1a84f0d38f46c29715a33d88a5de39d80acf7e478452d80a1f7cd9e47b01ec6ddef94249558fb1aed0c27f57ad0206c9ef644b0716ffe77f9a
SSDEEP

49152:g84pfonZRRdQoQupQAqu0Rdwsc3SSrT6wRgFcqvz58vvdwzikWYEphda/7G5t:V4piuoQupQAYP6Pm1vzWvZa/q5t

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\41a3f735a0918ee7a9d1ceeb967286d76c09734140251e766bac0021c75520f3.exe
"C:\Users\Admin\AppData\Local\Temp\41a3f735a0918ee7a9d1ceeb967286d76c09734140251e766bac0021c75520f3.exe"
1⤵
PID:1620

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1620-54-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download