494eb9f535878ad5c69e53e15ab8bca74f219235663cd28cc5553739322e09a8 | Triage

Analysis

max time kernel
186s
max time network
226s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2022 14:28

Sharing

Report Analysis Logs

General

Target

494eb9f535878ad5c69e53e15ab8bca74f219235663cd28cc5553739322e09a8.exe
Size

60KB
MD5

72e7bdb52a37127265d681ab588b24cf
SHA1

eaa5da173183ee233056d510b963e74a1365153a
SHA256

494eb9f535878ad5c69e53e15ab8bca74f219235663cd28cc5553739322e09a8
SHA512

b76f366d0bd45f66d28a17370b0703f221b4214cd4fb343dd6d7c1a571964c0067f211d974bc6e25dbfdc4a20e63c024f17672bc75c41a4ce31e42b3adf66b10
SSDEEP

1536:Ejae1wYxmBBoskJ/pHEH6Tbtafc3yoM9t:EmeDmBqskJ/pHSAEfcioM7

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\494eb9f535878ad5c69e53e15ab8bca74f219235663cd28cc5553739322e09a8.exe
"C:\Users\Admin\AppData\Local\Temp\494eb9f535878ad5c69e53e15ab8bca74f219235663cd28cc5553739322e09a8.exe"
1⤵
PID:1444

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads