11ab051dd40ad83d8c5e042a073a85a21e555d746cbd474f8b4b4c1d07234717 | Triage

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 15:08

Sharing

Report Analysis Logs

General

Target

11ab051dd40ad83d8c5e042a073a85a21e555d746cbd474f8b4b4c1d07234717.exe
Size

550KB
MD5

70582c8def0a008fa31b78c3b363a99b
SHA1

03b85ef7a9f80fc645c669951001e1c4b5f8fda3
SHA256

11ab051dd40ad83d8c5e042a073a85a21e555d746cbd474f8b4b4c1d07234717
SHA512

3045348de56708541c8ffcb720e2728768dbeb0f16cb2bac50e27b2b0b389a792cc29da9c896d2a40b9187b1f65658eff73476a76deaa80c4682f04f256bde2a
SSDEEP

12288:snRFtj2zJfUbLXEftfLtA8RKO1WHVaTYe70ht8oJo6:qRFtj2dfU3XEFrR41+Ye4/x

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\11ab051dd40ad83d8c5e042a073a85a21e555d746cbd474f8b4b4c1d07234717.exe
"C:\Users\Admin\AppData\Local\Temp\11ab051dd40ad83d8c5e042a073a85a21e555d746cbd474f8b4b4c1d07234717.exe"
1⤵
PID:2024

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2024-54-0x00000000759F1000-0x00000000759F3000-memory.dmp

Filesize
8KB

Download
memory/2024-55-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2024-56-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download