d0b216aaf2930817b9dea5d2238b3bc605b3ac6cb594f01b7f9a63e6901dc9d9 | Triage

Analysis

max time kernel
29s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 11:04

Sharing

Report Analysis Logs

General

Target

d0b216aaf2930817b9dea5d2238b3bc605b3ac6cb594f01b7f9a63e6901dc9d9.exe
Size

171KB
MD5

ac6e37471e9f2211eada4d0a0d47a28e
SHA1

fcecb57f78aa7e85be2d702379eb6385420b96de
SHA256

d0b216aaf2930817b9dea5d2238b3bc605b3ac6cb594f01b7f9a63e6901dc9d9
SHA512

877e4f57510d346c0fe3e684c10d8b6063f5d57414038a6d6652fcf34bcf571103151752491ea2f6ff6e12898480c5280c4251ed09a98c77fef2f87cd9a2b8e8
SSDEEP

3072:mgXdZt9P6D3XJReqwKN+BCWNfi8PHeqLRYipbBO91Wi5RLOP7UqD4kmtdAq:me34VwKuNqALJ+0iTcND4kq

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\d0b216aaf2930817b9dea5d2238b3bc605b3ac6cb594f01b7f9a63e6901dc9d9.exe
"C:\Users\Admin\AppData\Local\Temp\d0b216aaf2930817b9dea5d2238b3bc605b3ac6cb594f01b7f9a63e6901dc9d9.exe"
1⤵
PID:1236

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1236-54-0x0000000075B11000-0x0000000075B13000-memory.dmp

Filesize
8KB

Download