e67db6ce5dbc63511baf00e69bec4e706ab428a17165a2c3d378274479607cc8 | Triage

Analysis

max time kernel
46s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 01:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e67db6ce5dbc63511baf00e69bec4e706ab428a17165a2c3d378274479607cc8.exe
Size

295KB
MD5

075ffb7434895f773786321dd42a13e0
SHA1

e3b1db3fad3baa838ebc25a6aed6f8c99812186b
SHA256

e67db6ce5dbc63511baf00e69bec4e706ab428a17165a2c3d378274479607cc8
SHA512

4da2cc1d0cd546b2c51f3460761a81cc4819d601f16185e4c17b02a7dc0455a2edcc64edbb837c0eb367f637755aee06d9ae05485f712cf565f805ab046ff170
SSDEEP

6144:fPpKCOj39kP0s5uNPQRzqGxo6R6/exuCk2s4ALSz6YzGAFzRkZMYF8oL:rOjNkcquBFOH2exxk2s4ALAnGKlkZMYv

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\e67db6ce5dbc63511baf00e69bec4e706ab428a17165a2c3d378274479607cc8.exe
"C:\Users\Admin\AppData\Local\Temp\e67db6ce5dbc63511baf00e69bec4e706ab428a17165a2c3d378274479607cc8.exe"
1⤵
PID:1444

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1444-54-0x0000000075D71000-0x0000000075D73000-memory.dmp

Filesize
8KB

Download