7503ebae43e994db1f01c4842675bf28cc539aed70905c4a124671c64cef1212 | Triage

Analysis

max time kernel
32s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 04:53

Sharing

Report Analysis Logs

General

Target

7503ebae43e994db1f01c4842675bf28cc539aed70905c4a124671c64cef1212.exe
Size

505KB
MD5

812a7a3a3f73b35c457a8160d8b7e4d0
SHA1

ba98b42b07ff9ef8e8fa58e84b5ab22c45cc315d
SHA256

7503ebae43e994db1f01c4842675bf28cc539aed70905c4a124671c64cef1212
SHA512

ba21874859a54c41639c8391c0d6cdb1247aec171609c266a1b2e4b9150da20013e5bd9d9313876d8409b4b357f641f81175da2a1c4e6ac04e9c1d60bed50f87
SSDEEP

12288:YmT4UN3K3vvod0ABtGbbO2DChJ4otrWOumm8+qKi4Zv07:NT4Ulood0+tG3DCcot3umm8XK1Zv07

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\7503ebae43e994db1f01c4842675bf28cc539aed70905c4a124671c64cef1212.exe
"C:\Users\Admin\AppData\Local\Temp\7503ebae43e994db1f01c4842675bf28cc539aed70905c4a124671c64cef1212.exe"
1⤵
PID:1780

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1780-54-0x0000000076171000-0x0000000076173000-memory.dmp

Filesize
8KB

Download