a40d4de019c5a1a1594645ee22de5629642a25c52e28ca49d6a2e5355aa8bce1 | Triage

Analysis

max time kernel
41s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 15:18

Sharing

Report Analysis Logs

General

Target

a40d4de019c5a1a1594645ee22de5629642a25c52e28ca49d6a2e5355aa8bce1.exe
Size

1.5MB
MD5

9a4a0a2d0d58bdc1cc2ff4d8a5c25933
SHA1

c854c6c8a0b82caae3c5a5e76e614ba0c0432c40
SHA256

a40d4de019c5a1a1594645ee22de5629642a25c52e28ca49d6a2e5355aa8bce1
SHA512

3c35b6ed1ad63a64acd202d96a91854b0bacfec468bb3fb914caadd15468ac8fc3b2376f3a6c8cac225ab511c8324efe655399abf62278811aa3843dc05ebb3b
SSDEEP

24576:VZT4UlYd6HvQod+jmZJgp5P/019t0urTARN1waPd551AQHfmPx6sT8wfVn4sos:VhVPQ/uJgfMpXARN1lP/bHfmPVhdnz

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\a40d4de019c5a1a1594645ee22de5629642a25c52e28ca49d6a2e5355aa8bce1.exe
"C:\Users\Admin\AppData\Local\Temp\a40d4de019c5a1a1594645ee22de5629642a25c52e28ca49d6a2e5355aa8bce1.exe"
1⤵
PID:1128

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1128-54-0x0000000075E31000-0x0000000075E33000-memory.dmp

Filesize
8KB

Download