429c2c1c1c141c8239a87fb0b0fd8372daa0ead047ecf04955da2503deeb86db | Triage

Analysis

max time kernel
24s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
28/11/2022, 03:10

Sharing

Report Analysis Logs

General

Target

429c2c1c1c141c8239a87fb0b0fd8372daa0ead047ecf04955da2503deeb86db.exe
Size

16.6MB
MD5

6e03248ca3593d1dbe4234c233d3d505
SHA1

921907638343cc92c58529ddef605af25a630f30
SHA256

429c2c1c1c141c8239a87fb0b0fd8372daa0ead047ecf04955da2503deeb86db
SHA512

ab07947b96c7c97ed7095bad4299d0b65486449f283063264da606ca65bd44ebf2668022ee83909f324c68f2f0b5f10e34e059d460184c02d88e96da93de215a
SSDEEP

393216:xABJj8KUYvXfvFRyLjqBi8892YRDuiEDRFE52AWhA:SJIjASci88MGuiEDRFILWu

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\429c2c1c1c141c8239a87fb0b0fd8372daa0ead047ecf04955da2503deeb86db.exe
"C:\Users\Admin\AppData\Local\Temp\429c2c1c1c141c8239a87fb0b0fd8372daa0ead047ecf04955da2503deeb86db.exe"
1⤵
PID:1644

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1644-54-0x0000000075FB1000-0x0000000075FB3000-memory.dmp

Filesize
8KB

Download