bb49e8609de534fee476cdc8a0db81248e169f023a2ac7d7e8fae21127a03660 | Triage

Analysis

max time kernel
30s
max time network
35s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
13-01-2023 11:42

Sharing

Report Analysis Logs

General

Target

data/tor/tor.exe
Size

3.9MB
MD5

52faae579cc30d277fddf60ea4b89e2c
SHA1

f2010f4451c7aac3c767a5743370d9252bbbfd7c
SHA256

c4ee142394bf7a53e43ca86ab3c03e3712d85c15941588fc4e6e8f5c7a88c654
SHA512

3baec48c1718f2252ce788b3832d3adf145f93c3a9e6e6aeabde6d5d5d52bde32c450c46b1385961bf201c30f60570319897f614428414534867af6bf93f16a4
SSDEEP

98304:CzZ42i53gAUP71HtcjRkVfQIjiEsgYY9l7:KOaA0HtcjKVfQIb

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\data\tor\tor.exe
"C:\Users\Admin\AppData\Local\Temp\data\tor\tor.exe"
1⤵
PID:4660

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4660-132-0x00000000752A0000-0x00000000752C0000-memory.dmp

Filesize
128KB

Download
memory/4660-133-0x0000000075190000-0x000000007524F000-memory.dmp

Filesize
764KB

Download
memory/4660-134-0x0000000000700000-0x0000000000AF1000-memory.dmp

Filesize
3.9MB

Download
memory/4660-135-0x00000000752A0000-0x00000000752C0000-memory.dmp

Filesize
128KB

Download
memory/4660-136-0x0000000075190000-0x000000007524F000-memory.dmp

Filesize
764KB

Download
memory/4660-137-0x0000000074C30000-0x0000000074ED3000-memory.dmp

Filesize
2.6MB

Download
memory/4660-138-0x0000000074EE0000-0x0000000074FA3000-memory.dmp

Filesize
780KB

Download
memory/4660-139-0x0000000000700000-0x0000000000AF1000-memory.dmp

Filesize
3.9MB

Download
memory/4660-140-0x0000000000700000-0x0000000000AF1000-memory.dmp

Filesize
3.9MB

Download