59d13b83bb53a1d78deef61c68ddfde4ba9b860e4606751325eea1922e9b798c | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
31/10/2022, 23:03

Sharing

Report Analysis Logs

General

Target

59d13b83bb53a1d78deef61c68ddfde4ba9b860e4606751325eea1922e9b798c.exe
Size

18.2MB
MD5

5ae0222d4959de0f67e6343e0e11a658
SHA1

330556b8abbcdb9c7a6359a72ebc8d5084761b4f
SHA256

59d13b83bb53a1d78deef61c68ddfde4ba9b860e4606751325eea1922e9b798c
SHA512

0fdb852e93ad6a6f28086ca7f7abc616a5876fe1e2c5b2af7a4ffe3190bb45a9d3d21b43033e2e479737f4be2ec23afc873ecb8e73f65f580109b21a920baac2
SSDEEP

393216:lPfnx0dYfrXFX4xQ4Sdy2mPvBFYtDjGEpAtWWIkBC8P86ucR95BYjCC:lHx0dYXFX4h0kvBcGEutVgW9xC

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\59d13b83bb53a1d78deef61c68ddfde4ba9b860e4606751325eea1922e9b798c.exe
"C:\Users\Admin\AppData\Local\Temp\59d13b83bb53a1d78deef61c68ddfde4ba9b860e4606751325eea1922e9b798c.exe"
1⤵
PID:832

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/832-54-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download