6315e893c895e29e45a79cff0963bee5e25062a751d88f14e770670bbf6d5920 | Triage

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 08:44

Sharing

Report Analysis Logs

General

Target

6315e893c895e29e45a79cff0963bee5e25062a751d88f14e770670bbf6d5920.exe
Size

765KB
MD5

710e745d9f5d992b0a7db828a4496620
SHA1

146a67231945eab8bd2f2d1b66b946f761f4b140
SHA256

6315e893c895e29e45a79cff0963bee5e25062a751d88f14e770670bbf6d5920
SHA512

c905ee954ee98885edf65d54ffdcc4f560324701e300cb05f3ff287f41ff441e927ffb772b33095bf7f3f2b77134dd80a644d4b270851d5154eb4d08713be5c3
SSDEEP

12288:N53lL7Yojhp88ZasvT6may4Pxu71mD0rIWby9ix084BNRKhduEgVWlXj2SpWU+:N535YanRGmay4PjE9bUix084d2mVWcaI

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\6315e893c895e29e45a79cff0963bee5e25062a751d88f14e770670bbf6d5920.exe
"C:\Users\Admin\AppData\Local\Temp\6315e893c895e29e45a79cff0963bee5e25062a751d88f14e770670bbf6d5920.exe"
1⤵
PID:2028

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2028-54-0x00000000759F1000-0x00000000759F3000-memory.dmp

Filesize
8KB

Download