1c6352000d05b7d04fd1b99daa213245aa4de4354fa7525446b2fdf805dd61e8 | Triage

Analysis

max time kernel
14s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 13:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1c6352000d05b7d04fd1b99daa213245aa4de4354fa7525446b2fdf805dd61e8.exe
Size

1.1MB
MD5

ae2af547b27f623532f67faa6c2d1ab7
SHA1

240db1b05124cbbeada393cd360aca3fd98d3d80
SHA256

1c6352000d05b7d04fd1b99daa213245aa4de4354fa7525446b2fdf805dd61e8
SHA512

79bb1f801f8713b91264316263abe5dd119c0488f46206f44c366983bd9997eef32200c6e8e182964e87cecbe95598e6e8c41a769dc561362b4004f1cb9c8cc7
SSDEEP

24576:56VB64gTEVHbtphLcDHya1G7BBfvDn/3VKPPeNtre6YvYcwee92t8Cz:56Vw4gYb7hLcDHy4+jROeNJe6cwee92j

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\1c6352000d05b7d04fd1b99daa213245aa4de4354fa7525446b2fdf805dd61e8.exe
"C:\Users\Admin\AppData\Local\Temp\1c6352000d05b7d04fd1b99daa213245aa4de4354fa7525446b2fdf805dd61e8.exe"
1⤵
PID:1772

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1772-54-0x0000000074FD1000-0x0000000074FD3000-memory.dmp

Filesize
8KB

Download