d4bf17d91b75e47f5e07583169d7bc976b728425239e6ebbdb542f36f4a4fda9 | Triage

Analysis

max time kernel
80s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 08:03

Sharing

Report Analysis Logs

General

Target

d4bf17d91b75e47f5e07583169d7bc976b728425239e6ebbdb542f36f4a4fda9.exe
Size

504KB
MD5

73f4d037be74da73d66a10da98da48e0
SHA1

eebb458cd006f6c8eacfdcf73b4aed33df9c60d2
SHA256

d4bf17d91b75e47f5e07583169d7bc976b728425239e6ebbdb542f36f4a4fda9
SHA512

7cd1299fb5d8aeae9891d4321d0629b7c929c3c72c41477c1d902944dd8f31ced81d951b2e69582bdce68c8894f8ad6ebf57722768eb5b2ec50b7cfb98dc38b1
SSDEEP

12288:pzCp8Hh6pf6k9SbuHRkxI71mD0rIWby9ix084BNRKhduEgVWI:BpkWoklE9bUix084d2mVWI

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\d4bf17d91b75e47f5e07583169d7bc976b728425239e6ebbdb542f36f4a4fda9.exe
"C:\Users\Admin\AppData\Local\Temp\d4bf17d91b75e47f5e07583169d7bc976b728425239e6ebbdb542f36f4a4fda9.exe"
1⤵
PID:3184

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads