b49980eeaea1717a4fc886f488e691423d5959d6b342dd42963505a25b67b86f | Triage

Analysis

max time kernel
39s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-10-2022 22:34

Sharing

Report Analysis Logs

General

Target

b49980eeaea1717a4fc886f488e691423d5959d6b342dd42963505a25b67b86f.exe
Size

589KB
MD5

471b3b768bbb8f8bd5c350fd7fb65b80
SHA1

bd9a798a3ac11c0d44fe3b2e570f8a9cb3b6d797
SHA256

b49980eeaea1717a4fc886f488e691423d5959d6b342dd42963505a25b67b86f
SHA512

6c851f45a6dcadb001579a326aaf331270f7463f2b84ad88dc128d9ff81c91e716e201a33c075370956c7a252be700c46a0b0ac162757ca1855fec8ae0b66f40
SSDEEP

12288:ZP2DYfpZf4wvpOjrEDFkDZvBTcjjhfKGNZ/LVa:bf7fUreFkLGjhflDY

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\b49980eeaea1717a4fc886f488e691423d5959d6b342dd42963505a25b67b86f.exe
"C:\Users\Admin\AppData\Local\Temp\b49980eeaea1717a4fc886f488e691423d5959d6b342dd42963505a25b67b86f.exe"
1⤵
PID:1488

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1488-54-0x0000000076681000-0x0000000076683000-memory.dmp

Filesize
8KB

Download
memory/1488-55-0x0000000002950000-0x0000000002980000-memory.dmp

Filesize
192KB

Download