e51184acfb0a968111bffd04a47d847b5f5e0ee1b1b65fd7fd912929ee4d90bf | Triage

Analysis

max time kernel
270s
max time network
396s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23/11/2022, 19:02

Sharing

Report Analysis Logs

General

Target

e51184acfb0a968111bffd04a47d847b5f5e0ee1b1b65fd7fd912929ee4d90bf.exe
Size

19.4MB
MD5

7bcffd8452175ab4181c1f60bb97aa33
SHA1

2c236ebd573efe6eb61c6f1b96098d097e42c83b
SHA256

e51184acfb0a968111bffd04a47d847b5f5e0ee1b1b65fd7fd912929ee4d90bf
SHA512

624fdf018a9ee710eec9674987e494a44d43088777ced54f50fd93a6042460a3d208d9739ff3d1e655117d77a204c279351c5c25fa5a1d5c20ec83c597009cc9
SSDEEP

393216:x/S/CPJ+QS/JDmlZIjf1PV5r2ZvRRFuayirzRoL0lMXyJ5LMKaEcoT:VS/2J+JDmlZIZdB2hFuRYHMXeVfcoT

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\e51184acfb0a968111bffd04a47d847b5f5e0ee1b1b65fd7fd912929ee4d90bf.exe
"C:\Users\Admin\AppData\Local\Temp\e51184acfb0a968111bffd04a47d847b5f5e0ee1b1b65fd7fd912929ee4d90bf.exe"
1⤵
PID:520

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/520-54-0x0000000075C11000-0x0000000075C13000-memory.dmp

Filesize
8KB

Download