2681b63a160cb305af71114c8984e61295901e8fcea52ce2992d8d700519d14d | Triage

Analysis

max time kernel
151s
max time network
185s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2022 18:52

Sharing

Report Analysis Logs

General

Target

2681b63a160cb305af71114c8984e61295901e8fcea52ce2992d8d700519d14d.exe
Size

1.5MB
MD5

1c1af6602efcd9825ba32763bc5a2f45
SHA1

4cc0a697ff67507d690c166e3bd0620c911fdee0
SHA256

2681b63a160cb305af71114c8984e61295901e8fcea52ce2992d8d700519d14d
SHA512

d8564198dfad5b866b319c7429e7c3defea8f6b67f7fa169997e8043711852df168de0358493033507e0f4f9856d1800dce36c49d007c46f23e90d83582686a0
SSDEEP

24576:XcEQJgij17EkRDxdNMKc7xk6HF0TZLCLHKPx7LbGkS9OgwVLtWlkc48GRq5UFv5y:UJFIkkKc7e66TZL8oGNMgaE48Gg5Ubfe

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\2681b63a160cb305af71114c8984e61295901e8fcea52ce2992d8d700519d14d.exe
"C:\Users\Admin\AppData\Local\Temp\2681b63a160cb305af71114c8984e61295901e8fcea52ce2992d8d700519d14d.exe"
1⤵
PID:2612

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads