358d315d84331cc6398c29ae5b4ea075db7aadf689022542496c78fcc062e05d | Triage

Analysis

max time kernel
102s
max time network
105s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
28/11/2022, 04:59

Sharing

Report Analysis Logs

General

Target

358d315d84331cc6398c29ae5b4ea075db7aadf689022542496c78fcc062e05d.exe
Size

1.1MB
MD5

02f82653f90200ced500784dd2784c17
SHA1

88f46b3af4d45812c4f621c1b87e2d6a8c27fd3b
SHA256

358d315d84331cc6398c29ae5b4ea075db7aadf689022542496c78fcc062e05d
SHA512

cd10a191ca228a2f817f5d3dab4138a83ce9de360077c950e4de81cc1e58c95a2aa8cf6453ed8b028bcf58281bbb4a7106043c8b2e823dfdc366f494993bcb32
SSDEEP

24576:Stb20pkaCqT5TBWgNQ7asqgjrAAtwSKW6A:fVg5tQ7asrjr/t/5

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\358d315d84331cc6398c29ae5b4ea075db7aadf689022542496c78fcc062e05d.exe
"C:\Users\Admin\AppData\Local\Temp\358d315d84331cc6398c29ae5b4ea075db7aadf689022542496c78fcc062e05d.exe"
1⤵
PID:1352

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1352-54-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download