ea65c99c3a7915a655f65ffd83902c5e6662063cab2b57698cdf83d16e48ea0a | Triage

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 04:13

Sharing

Report Analysis Logs

General

Target

ea65c99c3a7915a655f65ffd83902c5e6662063cab2b57698cdf83d16e48ea0a.exe
Size

567KB
MD5

222c0d32aa40750c01b96fe8032cc664
SHA1

1d0deb3771b82b94a36777dc4d5c0dbd3e540af0
SHA256

ea65c99c3a7915a655f65ffd83902c5e6662063cab2b57698cdf83d16e48ea0a
SHA512

cc0e50e1445f53cdebab5a78e905ef266a6b3258b7d06aef1cb2f255ab65009d2c1cbe1e16f85e9cee6be3419cd4a9e1d53b8e4714fc1f5c5ede336bc89a4423
SSDEEP

12288:neEtp6gKSoQd9eTeSH11HJ0uarfCGbtrGtWi/B++Hho:nhpD4Qd9eT/1HnarfC/rB+W+

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\ea65c99c3a7915a655f65ffd83902c5e6662063cab2b57698cdf83d16e48ea0a.exe
"C:\Users\Admin\AppData\Local\Temp\ea65c99c3a7915a655f65ffd83902c5e6662063cab2b57698cdf83d16e48ea0a.exe"
1⤵
PID:1368

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1368-54-0x0000000075771000-0x0000000075773000-memory.dmp

Filesize
8KB

Download