d67ad4a3535cb18cc375a8c123c0f87920386680ab9053e9ddb4ca3aad9b1a03 | Triage

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 16:58

Sharing

Report Analysis Logs

General

Target

d67ad4a3535cb18cc375a8c123c0f87920386680ab9053e9ddb4ca3aad9b1a03.exe
Size

623KB
MD5

242b729d0ac8d1a0478747ee0e11c881
SHA1

0cddb9785c2d15753640b69152826d0b364b2f13
SHA256

d67ad4a3535cb18cc375a8c123c0f87920386680ab9053e9ddb4ca3aad9b1a03
SHA512

0aa05f4a5217ab5339cf3c372e780d1fb14bd1424700e5bb150788f2d0bfd11e0dbeb99bf4e3fad96d1d568ce4debda722effabfdaa5dbc428d734effbc1b246
SSDEEP

12288:6HD1gq048udtSVYKdRqqy08LkCUM8g5LnRZ3U4vN4xikH6:6HD1ga3dBKd8w8LkCHFvw6

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\d67ad4a3535cb18cc375a8c123c0f87920386680ab9053e9ddb4ca3aad9b1a03.exe
"C:\Users\Admin\AppData\Local\Temp\d67ad4a3535cb18cc375a8c123c0f87920386680ab9053e9ddb4ca3aad9b1a03.exe"
1⤵
PID:896

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/896-54-0x0000000075E31000-0x0000000075E33000-memory.dmp

Filesize
8KB

Download