861660dfbd8471081a50e80eb9103ecc16f17f61352e4c9fcf4582f79e439847 | Triage

Analysis

max time kernel
159s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29-01-2023 20:20

Sharing

Report Analysis Logs

General

Target

861660dfbd8471081a50e80eb9103ecc16f17f61352e4c9fcf4582f79e439847.exe
Size

444KB
MD5

61e3610e99cf93d96d79a1f3bf023a3b
SHA1

5ba9d8506042aa613bac7c68a263bbd037d79d0f
SHA256

861660dfbd8471081a50e80eb9103ecc16f17f61352e4c9fcf4582f79e439847
SHA512

be7579c4e4b5f5a96582cc2eafc8689ce6a13090b881677a9ae8ee1d24913a56604aafc438a21554ab8afffc49558e09efc41697085e521d6fae25148ea407b4
SSDEEP

12288:14JZcV9VV+VFpVCvVVOvt1ENcvez7206dVYHhTf0wXWRm:Ov0Nm06IHhT78m

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\861660dfbd8471081a50e80eb9103ecc16f17f61352e4c9fcf4582f79e439847.exe
"C:\Users\Admin\AppData\Local\Temp\861660dfbd8471081a50e80eb9103ecc16f17f61352e4c9fcf4582f79e439847.exe"
1⤵
PID:4232

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4232-132-0x0000000000FF0000-0x0000000001064000-memory.dmp

Filesize
464KB

Download
memory/4232-133-0x0000000005A10000-0x0000000005AAC000-memory.dmp

Filesize
624KB

Download
memory/4232-134-0x0000000006060000-0x0000000006604000-memory.dmp

Filesize
5.6MB

Download
memory/4232-135-0x0000000005B50000-0x0000000005BE2000-memory.dmp

Filesize
584KB

Download
memory/4232-136-0x0000000005AB0000-0x0000000005ABA000-memory.dmp

Filesize
40KB

Download
memory/4232-137-0x0000000005BF0000-0x0000000005C46000-memory.dmp

Filesize
344KB

Download