f5059c805d743e4f817a04426dc808721c81663acb23e956a996f988c14fd1c9 | Triage

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 13:37

Sharing

Report Analysis Logs

General

Target

f5059c805d743e4f817a04426dc808721c81663acb23e956a996f988c14fd1c9.exe
Size

337KB
MD5

cbe6ac044e68dd46ec64405fb1c0ac29
SHA1

116a2317aee9890460ec718f04ec6f3c66e27ace
SHA256

f5059c805d743e4f817a04426dc808721c81663acb23e956a996f988c14fd1c9
SHA512

2891475b00fd0260de67a9d8f7d437b548015c7a93daf20fd4a5ed877cf7272917b3ba60005ada5c9d77d246dc8eb827d7c9e3682a014018046270becaa54cc4
SSDEEP

6144:rsngP1rg/QElsqaQIc7kHDPQplAkyGWBBsifb9FiF6bwItb2G4eV:gWGVSqaQIokz0lAkTWBBFfbPcHIFFV

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\f5059c805d743e4f817a04426dc808721c81663acb23e956a996f988c14fd1c9.exe
"C:\Users\Admin\AppData\Local\Temp\f5059c805d743e4f817a04426dc808721c81663acb23e956a996f988c14fd1c9.exe"
1⤵
PID:816

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/816-54-0x0000000075DF1000-0x0000000075DF3000-memory.dmp

Filesize
8KB

Download