86fdfae373a43d10ab5e089e3a9497dd7850f631a7000171aa2e0c5c736527cc | Triage

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 11:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

86fdfae373a43d10ab5e089e3a9497dd7850f631a7000171aa2e0c5c736527cc.exe
Size

85KB
MD5

1d6d57d38e6d43a4ba9e20fe750d5162
SHA1

3448a9f9bdb98c3d717b8bd953c6ed77e92f73c2
SHA256

86fdfae373a43d10ab5e089e3a9497dd7850f631a7000171aa2e0c5c736527cc
SHA512

8ff5dcd0978307ab91573bdf06f29eee7d0deac0dab0e07efb0de177b880c2999674272338563e82927f5227ff322fbfab62aeccd9483612325b1944cd6d3e04
SSDEEP

1536:3Px/CJAmx2/W5Ebnto4tmJpP1aHnFCvOgdFyALakV1a0vY/:fx6UW6tpmJpPgk7aajvY/

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\86fdfae373a43d10ab5e089e3a9497dd7850f631a7000171aa2e0c5c736527cc.exe
"C:\Users\Admin\AppData\Local\Temp\86fdfae373a43d10ab5e089e3a9497dd7850f631a7000171aa2e0c5c736527cc.exe"
1⤵
PID:1292

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1292-54-0x00000000762E1000-0x00000000762E3000-memory.dmp

Filesize
8KB

Download