00f04028908b065c7877543d2568be4c2da91f7084df3ca95d45b93792fd4f7d | Triage

Analysis

max time kernel
40s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/10/2022, 19:37

Sharing

Report Analysis Logs

General

Target

00f04028908b065c7877543d2568be4c2da91f7084df3ca95d45b93792fd4f7d.exe
Size

1.2MB
MD5

624b3761456b736b55e38f914923a070
SHA1

9dde5ad6c2c5ca847588c4b5a5fa1614c0fbdc86
SHA256

00f04028908b065c7877543d2568be4c2da91f7084df3ca95d45b93792fd4f7d
SHA512

1983f445052e806d168b57574221c58cd5f83bdb2bd203731e7582c1afc54c9c6f4aaacf9c758fc2a1faa45dd16ef02bbb84cd18d1dba9f52c98dd550815dcd7
SSDEEP

24576:wzZVv0wQaDfhQ+sOP0WF8Tm161HgTDqdJDj1VckbB0pK:w707aDfnsO8XC7DqdjKk10o

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\00f04028908b065c7877543d2568be4c2da91f7084df3ca95d45b93792fd4f7d.exe
"C:\Users\Admin\AppData\Local\Temp\00f04028908b065c7877543d2568be4c2da91f7084df3ca95d45b93792fd4f7d.exe"
1⤵
PID:1840

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1840-54-0x0000000076401000-0x0000000076403000-memory.dmp

Filesize
8KB

Download