8928eba957fc501dd9876abc690e4c1351038296185033b1cb9c4a324391cf31 | Triage

Analysis

max time kernel
44s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
18/10/2022, 07:27

Sharing

Report Analysis Logs

General

Target

Ticari Hesap zetiniz.exe
Size

538KB
MD5

d88046780b51ad716447baf19f9fe6cb
SHA1

987525c62bd89fafdf1f7880075087575f8fea8f
SHA256

8928eba957fc501dd9876abc690e4c1351038296185033b1cb9c4a324391cf31
SHA512

eb409c7926851e4c32c3407073a16658947eba40c508d52fdfac86d248d0ee89c785e9bbfc3f935c3607aecab695270a47fcf5bbcd3919bb9225db8758f13827
SSDEEP

12288:J1nUesDyNbHR8WfurPL9rxR2JtLGO4OYN+Qdt:J1Ues27RtfuX9rxR2HGOx2Pn

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\Ticari Hesap zetiniz.exe
"C:\Users\Admin\AppData\Local\Temp\Ticari Hesap zetiniz.exe"
1⤵
PID:1292

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1292-54-0x00000000762E1000-0x00000000762E3000-memory.dmp

Filesize
8KB

Download