1ea31d04175fb842e43adb57eadd01486fbad17841f83d5eff065b67baeb4d69 | Triage

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2022 07:18

Sharing

Report Analysis Logs

General

Target

Overdue_account letter.exe
Size

958KB
MD5

40c43a758689271d72709958de73a4cc
SHA1

9fb2af9270987df6a8e974eb745f9a01022c3453
SHA256

1ea31d04175fb842e43adb57eadd01486fbad17841f83d5eff065b67baeb4d69
SHA512

a47e491d4eda64ddedf8d533aea1097fe43b85927074598ee74fb59faa48968e44d7c2f58057375850710389da2a0bcac9eab6a248172a5dcdcc99b7c87d5bf4
SSDEEP

24576:NoU376CMskFgqIyXXkH5MF1FI86jiT17MTsM3ya2veHe:NpPkVXX65cr6jiT1ha2veHe

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\Overdue_account letter.exe
"C:\Users\Admin\AppData\Local\Temp\Overdue_account letter.exe"
1⤵
PID:2512

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2512-132-0x00000000005D0000-0x00000000006C6000-memory.dmp

Filesize
984KB

Download
memory/2512-133-0x0000000005630000-0x0000000005BD4000-memory.dmp

Filesize
5.6MB

Download
memory/2512-134-0x0000000004F30000-0x0000000004FC2000-memory.dmp

Filesize
584KB

Download
memory/2512-135-0x0000000005080000-0x000000000511C000-memory.dmp

Filesize
624KB

Download
memory/2512-136-0x0000000005450000-0x000000000545A000-memory.dmp

Filesize
40KB

Download