99931e83578661d40a31b6ce899ef7d36450ab1da2f3322c9cfbaa8e311f638d | Triage

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 12:03

Sharing

Report Analysis Logs

General

Target

99931e83578661d40a31b6ce899ef7d36450ab1da2f3322c9cfbaa8e311f638d.exe
Size

1.8MB
MD5

b557158b4f90e8c610e1cffb0cd395f6
SHA1

037845e482fb6af8f745f18b823f6dc6a399ffad
SHA256

99931e83578661d40a31b6ce899ef7d36450ab1da2f3322c9cfbaa8e311f638d
SHA512

0ea2875007312a0f18ca14c35435ce9dba2265f5dae00538572a60b535291a52b89c339d3299a8e24932e5aac19b918a9376d159954e887f6de9aca95e1f17f5
SSDEEP

49152:XqPuFGzCcot3LT6HyBIeNVoCXd1sx6Wul8Hsmb:XqmFeot3HIeNXCY8Hs+

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\99931e83578661d40a31b6ce899ef7d36450ab1da2f3322c9cfbaa8e311f638d.exe
"C:\Users\Admin\AppData\Local\Temp\99931e83578661d40a31b6ce899ef7d36450ab1da2f3322c9cfbaa8e311f638d.exe"
1⤵
PID:756

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/756-54-0x0000000075831000-0x0000000075833000-memory.dmp

Filesize
8KB

Download