bd6147f7ecd492e2d5bb4f1a19b638bcc1a72650f60c81b40e6a270b8d799bfd | Triage

Analysis

max time kernel
25s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/10/2022, 15:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bd6147f7ecd492e2d5bb4f1a19b638bcc1a72650f60c81b40e6a270b8d799bfd.exe
Size

160KB
MD5

a241b6afeca1808388e9e3d7118fc1ba
SHA1

d5436051f7651d53cf09f90beaf3681c463c56b1
SHA256

bd6147f7ecd492e2d5bb4f1a19b638bcc1a72650f60c81b40e6a270b8d799bfd
SHA512

52fcc34dae2cfaf76d2ca6e227b13813b41d99a5d353080932028477128e5bff5d3d8124f8176d4b4216030a84bd703d138f7848e0a67379fb7a2670eb1ceef0
SSDEEP

3072:8sDV6AzGlWgFvYGnJd6KpZV3uTN9WU/G9h3Gw590KqkbmzALbvl6:tQA5gFvYGJd6KpZV3uTN9WU/G9h2w59X

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\bd6147f7ecd492e2d5bb4f1a19b638bcc1a72650f60c81b40e6a270b8d799bfd.exe
"C:\Users\Admin\AppData\Local\Temp\bd6147f7ecd492e2d5bb4f1a19b638bcc1a72650f60c81b40e6a270b8d799bfd.exe"
1⤵
PID:1788

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1788-54-0x000007FEF4280000-0x000007FEF4CA3000-memory.dmp

Filesize
10.1MB

Download
memory/1788-55-0x000007FEF2D90000-0x000007FEF3E26000-memory.dmp

Filesize
16.6MB

Download
memory/1788-56-0x0000000001EE6000-0x0000000001F05000-memory.dmp

Filesize
124KB

Download
memory/1788-57-0x0000000001EE6000-0x0000000001F05000-memory.dmp

Filesize
124KB

Download