f8cd3bbe6c89fa16f6030a5384a5781e86f382a31e2afbab20e9e1f0773d67a7 | Triage

Analysis

max time kernel
51s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 21:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f8cd3bbe6c89fa16f6030a5384a5781e86f382a31e2afbab20e9e1f0773d67a7.exe
Size

95KB
MD5

564f245fdbc5643520785941c20d889a
SHA1

24f183bcc0088795c3ee0718e431d00cbbecfa9c
SHA256

f8cd3bbe6c89fa16f6030a5384a5781e86f382a31e2afbab20e9e1f0773d67a7
SHA512

6042b2bea94977f03bce42f1a7a914b133c641d11f629f45e589cedb815a9ca0e36c5b6266b7e59e0b46e24582ba2e7c6c3f09fed7438f64cf5c7d6203df3bdc
SSDEEP

1536:PPx/CJAmx2/W5Ebnto4tmJk4Romu/y+yuRhoEXBpnbfRpQmJMw/F:Hx6UW6tpmJk45FKjJ7nbppQmJM8

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\f8cd3bbe6c89fa16f6030a5384a5781e86f382a31e2afbab20e9e1f0773d67a7.exe
"C:\Users\Admin\AppData\Local\Temp\f8cd3bbe6c89fa16f6030a5384a5781e86f382a31e2afbab20e9e1f0773d67a7.exe"
1⤵
PID:1336

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1336-54-0x0000000075F01000-0x0000000075F03000-memory.dmp

Filesize
8KB

Download