3f0dc3b9e6d8c3663af5ca832a5c975d3a3bef740fbcfd6ad773abc981195671 | Triage

Analysis

max time kernel
91s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 17:58

Sharing

Report Analysis Logs

General

Target

3f0dc3b9e6d8c3663af5ca832a5c975d3a3bef740fbcfd6ad773abc981195671.exe
Size

60KB
MD5

834756dca9a09e863efdba7fb204db70
SHA1

4b984089fd807ba804cf507397320a05798db94d
SHA256

3f0dc3b9e6d8c3663af5ca832a5c975d3a3bef740fbcfd6ad773abc981195671
SHA512

0173935b3a6c300ab19d50114ee8d677c61f7b31a10a4757ea8f4affd85de97e445c112816e383e0d187b1076ca589ce2c135dfe5b89bacea821b91a2543f7c5
SSDEEP

1536:njae1wYxmBBoskJVZxj5JHdlie/3z41L5FZTH:nmeDmBqskJD55ZUbFxH

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\3f0dc3b9e6d8c3663af5ca832a5c975d3a3bef740fbcfd6ad773abc981195671.exe
"C:\Users\Admin\AppData\Local\Temp\3f0dc3b9e6d8c3663af5ca832a5c975d3a3bef740fbcfd6ad773abc981195671.exe"
1⤵
PID:4372

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4372-132-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4372-133-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download