dff4e9f059ac7d25232de9806801285c91c9672c06f116393019e27ea93a22af | Triage

Analysis

max time kernel
311s
max time network
396s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2022 10:24

Sharing

Report Analysis Logs

General

Target

dff4e9f059ac7d25232de9806801285c91c9672c06f116393019e27ea93a22af.exe
Size

591KB
MD5

0834efddb9435dded5c3da54ff228b20
SHA1

424842ccd83bc89aa5b71a6d1ba6d7313106e815
SHA256

dff4e9f059ac7d25232de9806801285c91c9672c06f116393019e27ea93a22af
SHA512

a329760633a75654ee9e4fe0c641a8d2752188b79b022367cee9345722279d8329ab7c761dca9ec50527dc0f070dbb049f0944cd697521054f40ae3c26b423a2
SSDEEP

12288:f4To2d5Ji5By5e3Vw/s2l7rsZf/XPxGDyXSMCE4adjkp3bWW9:b2d5Ji5C8VwUD/xGuiGG5d

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\dff4e9f059ac7d25232de9806801285c91c9672c06f116393019e27ea93a22af.exe
"C:\Users\Admin\AppData\Local\Temp\dff4e9f059ac7d25232de9806801285c91c9672c06f116393019e27ea93a22af.exe"
1⤵
PID:3520

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads