85a9181e8a0f9373b75042809c148f1d75479eb3e389f07b9b28285378ff95fc | Triage

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
10/10/2022, 21:01

Sharing

Report Analysis Logs

General

Target

85a9181e8a0f9373b75042809c148f1d75479eb3e389f07b9b28285378ff95fc.exe
Size

11.7MB
MD5

af7ef347ab7f45cd4dae9836bf168bad
SHA1

9a199d4179d027411a68f348465ed88413f399f9
SHA256

85a9181e8a0f9373b75042809c148f1d75479eb3e389f07b9b28285378ff95fc
SHA512

9c019ec45df324364a0483447be79b29b1e2afed4a9c3fb9c10363592d9024530b2f6f1d4fa3f2937a296aeb8858de36df6547c96d7fce3bc12e764afd18a1f9
SSDEEP

196608:x5miqYT+G8fVO9HO7Ve3ROXAXWF4BWe6i65kk5sTMw4fGzG+Zc2dHIUGKyUfixnV:x5/7ql81Ye3ROVrn555+O2dHHGxLxHn1

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\85a9181e8a0f9373b75042809c148f1d75479eb3e389f07b9b28285378ff95fc.exe
"C:\Users\Admin\AppData\Local\Temp\85a9181e8a0f9373b75042809c148f1d75479eb3e389f07b9b28285378ff95fc.exe"
1⤵
PID:1808

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1808-54-0x0000000076171000-0x0000000076173000-memory.dmp

Filesize
8KB

Download