9b24a64353ee0ff3be219de863e0fd97b7a3e89e56f22ceca980a0ddc313a22c | Triage

Analysis

max time kernel
40s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 19:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9b24a64353ee0ff3be219de863e0fd97b7a3e89e56f22ceca980a0ddc313a22c.exe
Size

577KB
MD5

9693f2e825683991ed8c7e8e199efa00
SHA1

386f55c8967bbb054312fcff63263337229330bc
SHA256

9b24a64353ee0ff3be219de863e0fd97b7a3e89e56f22ceca980a0ddc313a22c
SHA512

65cb0975a28a09904f43b727327b331ade20de918fcafef49504f14573ff2079ce5cba746d7b9a14c2dae94318ee6c4d369e8e04dc12a30d417fb61ae31fcf83
SSDEEP

12288:l4PEZasvT6may4PxagCNQ87MDHDb1OJlyvDB2WcveJQ:l4ORGmay4PA5NLqDYXyvDB2NeJQ

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\9b24a64353ee0ff3be219de863e0fd97b7a3e89e56f22ceca980a0ddc313a22c.exe
"C:\Users\Admin\AppData\Local\Temp\9b24a64353ee0ff3be219de863e0fd97b7a3e89e56f22ceca980a0ddc313a22c.exe"
1⤵
PID:2036

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2036-54-0x00000000762D1000-0x00000000762D3000-memory.dmp

Filesize
8KB

Download