Analysis
-
max time kernel
159s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system -
submitted
29-01-2023 20:20
Static task
static1
Behavioral task
behavioral1
Sample
861660dfbd8471081a50e80eb9103ecc16f17f61352e4c9fcf4582f79e439847.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
861660dfbd8471081a50e80eb9103ecc16f17f61352e4c9fcf4582f79e439847.exe
Resource
win10v2004-20221111-en
General
-
Target
861660dfbd8471081a50e80eb9103ecc16f17f61352e4c9fcf4582f79e439847.exe
-
Size
444KB
-
MD5
61e3610e99cf93d96d79a1f3bf023a3b
-
SHA1
5ba9d8506042aa613bac7c68a263bbd037d79d0f
-
SHA256
861660dfbd8471081a50e80eb9103ecc16f17f61352e4c9fcf4582f79e439847
-
SHA512
be7579c4e4b5f5a96582cc2eafc8689ce6a13090b881677a9ae8ee1d24913a56604aafc438a21554ab8afffc49558e09efc41697085e521d6fae25148ea407b4
-
SSDEEP
12288:14JZcV9VV+VFpVCvVVOvt1ENcvez7206dVYHhTf0wXWRm:Ov0Nm06IHhT78m
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
Network
MITRE ATT&CK Enterprise v6
Downloads
-
memory/4232-132-0x0000000000FF0000-0x0000000001064000-memory.dmp
Filesize
464KB
-
memory/4232-133-0x0000000005A10000-0x0000000005AAC000-memory.dmp
Filesize
624KB
-
memory/4232-134-0x0000000006060000-0x0000000006604000-memory.dmp
Filesize
5.6MB
-
memory/4232-135-0x0000000005B50000-0x0000000005BE2000-memory.dmp
Filesize
584KB
-
memory/4232-136-0x0000000005AB0000-0x0000000005ABA000-memory.dmp
Filesize
40KB
-
memory/4232-137-0x0000000005BF0000-0x0000000005C46000-memory.dmp
Filesize
344KB