71dc5088ad5091e2b05a627cbaf2ef3bbe3c1e55f7116eb6734dff60fca20923 | Triage

Analysis

max time kernel
31s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
21/11/2022, 19:40

Sharing

Report Analysis Logs

General

Target

71dc5088ad5091e2b05a627cbaf2ef3bbe3c1e55f7116eb6734dff60fca20923.exe
Size

3.4MB
MD5

e38d35138eeeddd45ab05bd84b38d9a8
SHA1

e4af8c30646a10572bb8901c388e31a8550bf718
SHA256

71dc5088ad5091e2b05a627cbaf2ef3bbe3c1e55f7116eb6734dff60fca20923
SHA512

5bd01219f56b50377595526f715c411dada3dabac28243b4463f0787ed483dcc05ad4490afd54f55c10eb2cfa5676b755ddc38c7ec2ce970104ec7751bb1782a
SSDEEP

98304:y7NE1ziYo3B3LqiXY4a8IIEFERxNKwOQR:y7sziYo39LqiXYYdE6RxNj5

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\71dc5088ad5091e2b05a627cbaf2ef3bbe3c1e55f7116eb6734dff60fca20923.exe
"C:\Users\Admin\AppData\Local\Temp\71dc5088ad5091e2b05a627cbaf2ef3bbe3c1e55f7116eb6734dff60fca20923.exe"
1⤵
PID:900

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/900-54-0x00000000757E1000-0x00000000757E3000-memory.dmp

Filesize
8KB

Download