72955bbc534102e0962e214d3b1466eba82f8fa8ef3f9b311fdd2821e67a58d0 | Triage

Analysis

max time kernel
44s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06-10-2022 21:33

Sharing

Report Analysis Logs

General

Target

72955bbc534102e0962e214d3b1466eba82f8fa8ef3f9b311fdd2821e67a58d0.exe
Size

672KB
MD5

4143eda3bd72aa9189f4d72aec555adb
SHA1

44e2d07149644af37ed7fb63f6a067f3805532ea
SHA256

72955bbc534102e0962e214d3b1466eba82f8fa8ef3f9b311fdd2821e67a58d0
SHA512

fdbed2f272f0edd9b6ef0c0b583ecb1d3e3e6a514da19939c0c594a13342b3d8a4169c8fbccf3045805f96cf7ecca94a7f33e408e15ba42d334e2516996d0591
SSDEEP

12288:zJddQlTXy43wqwpXorAHKNF05yW3vijsfOILUyQy5V7INCd5dHUqhY:FddQlTjLwp4kHqkT3q8pPp8

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\72955bbc534102e0962e214d3b1466eba82f8fa8ef3f9b311fdd2821e67a58d0.exe
"C:\Users\Admin\AppData\Local\Temp\72955bbc534102e0962e214d3b1466eba82f8fa8ef3f9b311fdd2821e67a58d0.exe"
1⤵
PID:1768

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1768-54-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download