eb1d7349746e09e4303b66c81cc879929ced4d05ad1dabc8a6d15a046373919a | Triage

Analysis

max time kernel
259s
max time network
396s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
07/12/2022, 03:39

Sharing

Report Analysis Logs

General

Target

eb1d7349746e09e4303b66c81cc879929ced4d05ad1dabc8a6d15a046373919a.exe
Size

59KB
MD5

a135bc5691d4eee07f7faa93e6bd03d1
SHA1

6c85ba3594589dcc13ab2603ef1aa95d7aa59a9b
SHA256

eb1d7349746e09e4303b66c81cc879929ced4d05ad1dabc8a6d15a046373919a
SHA512

2cb2ddd3953b4d7094d8de3c2ad3d4e647b48e1a9f3cb0c29b446691a824c7dcfed4f456321ea305dbba223c5447c336c3154d0011bdf0b5a4fc62e984fa230c
SSDEEP

1536:rR9WpsXVr/9jWkGe61nQVfO4Romu/C61kLMjk/5UG:rR9brMk21nQVO458ABD

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\eb1d7349746e09e4303b66c81cc879929ced4d05ad1dabc8a6d15a046373919a.exe
"C:\Users\Admin\AppData\Local\Temp\eb1d7349746e09e4303b66c81cc879929ced4d05ad1dabc8a6d15a046373919a.exe"
1⤵
PID:520

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/520-54-0x0000000075C11000-0x0000000075C13000-memory.dmp

Filesize
8KB

Download
memory/520-55-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/520-56-0x0000000000240000-0x0000000000276000-memory.dmp

Filesize
216KB

Download
memory/520-57-0x0000000000240000-0x0000000000276000-memory.dmp

Filesize
216KB

Download
memory/520-58-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/520-59-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/520-60-0x0000000000240000-0x000000000024D000-memory.dmp

Filesize
52KB

Download