c7b2e42de9f4099ac5ee3c2a563f5acd0f3bf43044dd4299846091e6d9288c31 | Triage

Analysis

max time kernel
4s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 20:36

Sharing

Report Analysis Logs

General

Target

c7b2e42de9f4099ac5ee3c2a563f5acd0f3bf43044dd4299846091e6d9288c31.exe
Size

199KB
MD5

254d729f4ead676c1a97ae123f4e5630
SHA1

aacb20c12da5d51a15ace745f34ccfdece475867
SHA256

c7b2e42de9f4099ac5ee3c2a563f5acd0f3bf43044dd4299846091e6d9288c31
SHA512

5ccdcb851d9db48d1af0e33b8c5dd3aae027e4270cba3cd75e39a2d15c4162d1833c82300dc77886a9fcf178f3402bd46069495c6b0d389217363be3da89dc15
SSDEEP

3072:FLk395hYXJ2ncrmK2Eg4JMoMoMMoM9EdKn:FQqQn0m/Eg4EdKn

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\c7b2e42de9f4099ac5ee3c2a563f5acd0f3bf43044dd4299846091e6d9288c31.exe
"C:\Users\Admin\AppData\Local\Temp\c7b2e42de9f4099ac5ee3c2a563f5acd0f3bf43044dd4299846091e6d9288c31.exe"
1⤵
PID:1292

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1292-54-0x0000000075CF1000-0x0000000075CF3000-memory.dmp

Filesize
8KB

Download