b4959b8e5d6b97d1264c92ac55e8f8fcf5139fad72d46c74565e37596cfa13b9 | Triage

Analysis

max time kernel
34s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 08:05

Sharing

Report Analysis Logs

General

Target

b4959b8e5d6b97d1264c92ac55e8f8fcf5139fad72d46c74565e37596cfa13b9.exe
Size

49KB
MD5

1055e0d723c462382421f0eb1d8a3a82
SHA1

a7654ca8f994d2e8e318aa46f9cb548390404bb7
SHA256

b4959b8e5d6b97d1264c92ac55e8f8fcf5139fad72d46c74565e37596cfa13b9
SHA512

99add1a9a8072da2c1b817721e2c9835042173a2331b9236a1963cde6fa7fb74fdf707cf6f9d1c36e26fbee7ab3081cd14b7b7b2a1edc8f2ab545564b6a14359
SSDEEP

1536:8rM+EIJ5bFGooG6mlybyD60rtOiAJ1C6vI:8rF5AooDmlkutfAJ1C6vI

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\b4959b8e5d6b97d1264c92ac55e8f8fcf5139fad72d46c74565e37596cfa13b9.exe
"C:\Users\Admin\AppData\Local\Temp\b4959b8e5d6b97d1264c92ac55e8f8fcf5139fad72d46c74565e37596cfa13b9.exe"
1⤵
PID:1928

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1928-54-0x00000000762B1000-0x00000000762B3000-memory.dmp

Filesize
8KB

Download