d6796aaaa5299422fa97ad25736ad6734349b52f7ab4a64c7278b50780b8a31d | Triage

Analysis

max time kernel
141s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2022 21:37

Sharing

Report Analysis Logs

General

Target

d6796aaaa5299422fa97ad25736ad6734349b52f7ab4a64c7278b50780b8a31d.exe
Size

96KB
MD5

bd07ef0331243a33c899b673ff1e4fa0
SHA1

d61b97c125cb9b19c13592efc8598678aa837e71
SHA256

d6796aaaa5299422fa97ad25736ad6734349b52f7ab4a64c7278b50780b8a31d
SHA512

c3259847d3bf27e79c9c77655ba2c4f0f512e77034fc3f1a68166fcb2afc49b0347bfcd43db52f24f1c84e1969b20bfc24334561a38ffbf7a1ef0e64a4c21e85
SSDEEP

1536:5Px/CJAmx2/W5Ebnto4tmJ+TW7HhNSmmRzYfg5wxKvNMAf9XqA:Fx6UW6tpmJfHRcYdcXqA

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\d6796aaaa5299422fa97ad25736ad6734349b52f7ab4a64c7278b50780b8a31d.exe
"C:\Users\Admin\AppData\Local\Temp\d6796aaaa5299422fa97ad25736ad6734349b52f7ab4a64c7278b50780b8a31d.exe"
1⤵
PID:3436

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads