b38b0471f1552d78895a95514d0977960982bf4e0bb94f129f1aa5333d496564 | Triage

Analysis

max time kernel
3s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 07:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b38b0471f1552d78895a95514d0977960982bf4e0bb94f129f1aa5333d496564.exe
Size

172KB
MD5

b208374e3ffc59f376f9a119e67b5068
SHA1

3f3208af6138e8dc6b821b45e0c73533c6a25a6e
SHA256

b38b0471f1552d78895a95514d0977960982bf4e0bb94f129f1aa5333d496564
SHA512

3c8c1a0b90e8ccb15f7071709c30e3e3e00764fb0eea24a09946e727ab1ea0da24c44e4f8a67f2e7717d85403b0ae31bf19c263660ec12b14e8741dd2d8b4221
SSDEEP

3072:1PNnrdt5ICQQoWR402tekTPXdB4S7540t4ULmsaOe:15r5lDTeek7L4S7540eP0e

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\b38b0471f1552d78895a95514d0977960982bf4e0bb94f129f1aa5333d496564.exe
"C:\Users\Admin\AppData\Local\Temp\b38b0471f1552d78895a95514d0977960982bf4e0bb94f129f1aa5333d496564.exe"
1⤵
PID:832

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/832-54-0x0000000075291000-0x0000000075293000-memory.dmp

Filesize
8KB

Download
memory/832-55-0x0000000000400000-0x00000000007BC000-memory.dmp

Filesize
3.7MB

Download