ad8755114205a140f9d0a02321c3c97a71c48f2ae06548c808fefd0edcfd3235 | Triage

Analysis

max time kernel
102s
max time network
183s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
28/11/2022, 01:23

Sharing

Report Analysis Logs

General

Target

ad8755114205a140f9d0a02321c3c97a71c48f2ae06548c808fefd0edcfd3235.exe
Size

191KB
MD5

0dd79df72df8cd086cebd8a8c2d00008
SHA1

3c38a8ec2a0f0230e141f52fab89c7b30c9f9741
SHA256

ad8755114205a140f9d0a02321c3c97a71c48f2ae06548c808fefd0edcfd3235
SHA512

7ac495327b486864f9677e065ebfeabee22988eeb9acc1ecbab3bab18f5b6a45635ca45ec2aaa0bb64446312a2fed291ffb940123578e6b104fc6f919e178594
SSDEEP

3072:HADWbKzKbQmSVdSme+xmJyD4BliqzsmmEpEmboQd+ccewkyeZyYPuvGCJ30EZ0di:HAVySV1eY4k437d+4wkTHdS26

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\ad8755114205a140f9d0a02321c3c97a71c48f2ae06548c808fefd0edcfd3235.exe
"C:\Users\Admin\AppData\Local\Temp\ad8755114205a140f9d0a02321c3c97a71c48f2ae06548c808fefd0edcfd3235.exe"
1⤵
PID:1448

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1448-54-0x0000000075441000-0x0000000075443000-memory.dmp

Filesize
8KB

Download