Analysis
max time kernel: 86s
max time network: 87s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 28-11-2022 03:13
Static task
static1
Behavioral task
behavioral1
Sample
8c6ce719bdd57107293b6e7136010573dbee9771bf9599379604ff9003207483.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
8c6ce719bdd57107293b6e7136010573dbee9771bf9599379604ff9003207483.exe
Resource
win10v2004-20220901-en
General
Target: 8c6ce719bdd57107293b6e7136010573dbee9771bf9599379604ff9003207483.exe
Size: 908KB
MD5: fa2a7fc59b0b204f6e9223068dece64d
SHA1: 1d36f75bcbd1794b6306a94d02b731677782dddb
SHA256: 8c6ce719bdd57107293b6e7136010573dbee9771bf9599379604ff9003207483
SHA512: 59c1749e85f85f5eb5aa8168bf4ee7ba2c4dd18572d011467d730c056f8d0299623b28c18ffaa1f10a6f63dc42c1110025f2e0f7911998a1006cd9cabbf091a5
SSDEEP: 12288:8tb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSga6kFd1Qhm4R6A:8tb20pkaCqT5TBWgNQ7a6kF/Qh3R6A
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
NTFS ADS (1 IoCs)
Processes: 8c6ce719bdd57107293b6e7136010573dbee9771bf9599379604ff9003207483.exe
description: File opened for modification
ioc: C:\Users\Admin\AppData\Local\Temp\winmgmts:\localhost\root\cimv2
process: 8c6ce719bdd57107293b6e7136010573dbee9771bf9599379604ff9003207483.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
memory/1284-54-0x0000000075F51000-0x0000000075F53000-memory.dmp
Filesize: 8KB