6ba31d39cbfb2d0401030189e23294df525f37a9372c3f3dce2dc75fa8920fba | Triage

Analysis

max time kernel
38s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-10-2022 15:38

Sharing

Report Analysis Logs

General

Target

6ba31d39cbfb2d0401030189e23294df525f37a9372c3f3dce2dc75fa8920fba.exe
Size

392KB
MD5

68f1e0dbff716b5763d66fff62611f20
SHA1

e31d42f188cc0dc87ab6df9ce03edd88fa386be2
SHA256

6ba31d39cbfb2d0401030189e23294df525f37a9372c3f3dce2dc75fa8920fba
SHA512

829959806147e088719d3a7ae97e0f1baaf3caca8a4f6160660b22bb7bee50b39c66098be57e5592439970cfa317077fdc0814cae7a1cd21e6539ee91714f91a
SSDEEP

6144:FhRhJcJnR37Ez0hEj/+vH02HG06Y+5LiT9gjmtR4t8F+UuXk0uzCHm1/5pHCKFkS:jcMI8/+vH02H36r5g9p4xQX5pHnqfpA

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\6ba31d39cbfb2d0401030189e23294df525f37a9372c3f3dce2dc75fa8920fba.exe
"C:\Users\Admin\AppData\Local\Temp\6ba31d39cbfb2d0401030189e23294df525f37a9372c3f3dce2dc75fa8920fba.exe"
1⤵
PID:1844

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1844-54-0x0000000075B41000-0x0000000075B43000-memory.dmp

Filesize
8KB

Download