b2a3610b3eae108ab9b0a656f9d60fd6aacac17bb22a57ce1e803c8b4603c832 | Triage

Submit
Reports

Overview

overview

5

Static

static

5

Comprovante.exe

windows7-x64

3

Comprovante.exe

windows10-2004-x64

3

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2022 00:12

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Comprovante.exe

Resource

win7-20220812-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

Comprovante.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

Comprovante.exe
Size

755KB
MD5

a891003d1be073ec30eb7e260d67f175
SHA1

90c2995cddbbfdda3c31539be325c423cba2226d
SHA256

43e27bb76fbe3ea31f75bd40e080738dd48526eec929e41e89b9f668ac9712fc
SHA512

c1dcd80cc070786f17f1c113d4b20322d1ed2fef633a9a52810c4e52fcc176391b0f48c384a52386335996d40954a0147efd6806983209fa2b236738a156c053
SSDEEP

12288:jhkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4a5wrhxggp:pRmJkcoQricOIQxiZY1ia5wrvggp

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Processes

C:\Users\Admin\AppData\Local\Temp\Comprovante.exe
"C:\Users\Admin\AppData\Local\Temp\Comprovante.exe"
1⤵
PID:4728

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2024

Terms | Privacy