17ae70fad7d701f43fba6c396b29ef35968c2ff700292975e31b8f2ee61ca683 | Triage

Analysis

max time kernel
18s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05-12-2022 15:45

Sharing

Report Analysis Logs

General

Target

17ae70fad7d701f43fba6c396b29ef35968c2ff700292975e31b8f2ee61ca683.exe
Size

49KB
MD5

dc039e65533a5fb413260ef1d7975f57
SHA1

1b10a3f3d1db8626d9141610044ad166d5368b5a
SHA256

17ae70fad7d701f43fba6c396b29ef35968c2ff700292975e31b8f2ee61ca683
SHA512

3aa5859c423dd8c0ca447fe30e1c5a97353939c07ca111f43230f16bd8a8dd8018bdb57286b82e29acfdfc4595b89b0a26d26a2d8cbe272a77497bfdc1c68ec4
SSDEEP

768:YnAGtOIvbSD2l6t+5aXUPmCEX2MpwDzvrSXjzYcCeBW1KD:oLOIG+uPv+fDzvrSXxBT

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\17ae70fad7d701f43fba6c396b29ef35968c2ff700292975e31b8f2ee61ca683.exe
"C:\Users\Admin\AppData\Local\Temp\17ae70fad7d701f43fba6c396b29ef35968c2ff700292975e31b8f2ee61ca683.exe"
1⤵
PID:1588

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1588-54-0x000007FEF4A40000-0x000007FEF5463000-memory.dmp

Filesize
10.1MB

Download
memory/1588-55-0x000007FEF35D0000-0x000007FEF4666000-memory.dmp

Filesize
16.6MB

Download
memory/1588-56-0x00000000009A6000-0x00000000009C5000-memory.dmp

Filesize
124KB

Download
memory/1588-57-0x00000000009A6000-0x00000000009C5000-memory.dmp

Filesize
124KB

Download