fe0bb34093c8ac0fe6eb0fe1e2bf6f3df1e18949abf411f46ee6385578a8839a | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 08:37

Sharing

Report Analysis Logs

General

Target

fe0bb34093c8ac0fe6eb0fe1e2bf6f3df1e18949abf411f46ee6385578a8839a.exe
Size

3.5MB
MD5

b33faa5d1d78cc5d578b6c5e8c3e47f6
SHA1

fc1b49b5b19aa96d496d8c6bd82853aa4e43dc5f
SHA256

fe0bb34093c8ac0fe6eb0fe1e2bf6f3df1e18949abf411f46ee6385578a8839a
SHA512

93cf4b8dc1f3634d4421bc061fd8600372c755bdc97aaca5cec26d63fb9750fe6d87c57f2a30ea55f7bb9b772f168e83fd06f90f456eeb553fbd2363d03df0b6
SSDEEP

49152:61EMxaSWu1vZ4/6eHkxXi1Ji0m7gmQqfGNobcoSaASrhIQcWK88SAAB621Tu8Hd:Ty06eH0XelmXQqc4pplXAAB6u9

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\fe0bb34093c8ac0fe6eb0fe1e2bf6f3df1e18949abf411f46ee6385578a8839a.exe
"C:\Users\Admin\AppData\Local\Temp\fe0bb34093c8ac0fe6eb0fe1e2bf6f3df1e18949abf411f46ee6385578a8839a.exe"
1⤵
PID:1388

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1388-54-0x0000000075E11000-0x0000000075E13000-memory.dmp

Filesize
8KB

Download