2468f2021ac8a00fec3c3a3cf7aa73f48dc5ccb929996680e1c2b834b25b3cf4 | Triage

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 08:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2468f2021ac8a00fec3c3a3cf7aa73f48dc5ccb929996680e1c2b834b25b3cf4.exe
Size

268KB
MD5

92f88661fe4da0df9802d776c229dcb0
SHA1

dc5022b260571bf7d6318d46d22ea72f318db1fd
SHA256

2468f2021ac8a00fec3c3a3cf7aa73f48dc5ccb929996680e1c2b834b25b3cf4
SHA512

94ed1296893a0c5e0b3bb134dd6d281543ee4ac46afd6f44037f83993deed0e562a4a714e8b917d113a314012f57ef1f937e6a71445b9df68c65aad158bb8817
SSDEEP

6144:1zfv0gFX0B1a1ydL2D98KiL4R+uCE7a/0CTcWG0tEQYQ2SN:ZFX0B0OQiKiL4R+uw/91Es2Q

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\2468f2021ac8a00fec3c3a3cf7aa73f48dc5ccb929996680e1c2b834b25b3cf4.exe
"C:\Users\Admin\AppData\Local\Temp\2468f2021ac8a00fec3c3a3cf7aa73f48dc5ccb929996680e1c2b834b25b3cf4.exe"
1⤵
PID:1048

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1048-54-0x00000000759F1000-0x00000000759F3000-memory.dmp

Filesize
8KB

Download