0493814e9da4671e7478c8fcde8676d61f161c9e75211038edd97773c37db393 | Triage

Analysis

max time kernel
10s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 02:07

Sharing

Report Analysis Logs

General

Target

0493814e9da4671e7478c8fcde8676d61f161c9e75211038edd97773c37db393.exe
Size

12.2MB
MD5

056e8ee5c8ed50711786a0cbd028e326
SHA1

2a83b4fc9039fd7790c5900cecd287ee1fe283b9
SHA256

0493814e9da4671e7478c8fcde8676d61f161c9e75211038edd97773c37db393
SHA512

b6ecb5e33429aaae10ee8803b011ff87f04792eb95d3b52019190a7696f1ab9874dd1d6df0193454944f5dd6c1a0568af05557e6176852bb8dd40b894807b66f
SSDEEP

393216:4GM2rlSIJJLTmFUKl6QcSEW6rnEiVUuQl5K:4MsaaWu7EW6bEiuplk

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\0493814e9da4671e7478c8fcde8676d61f161c9e75211038edd97773c37db393.exe
"C:\Users\Admin\AppData\Local\Temp\0493814e9da4671e7478c8fcde8676d61f161c9e75211038edd97773c37db393.exe"
1⤵
PID:772

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/772-54-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download