5ac0407cab35e2df05edae2cf19a586bcf3e57d5a912f0af4982d753915c88aa | Triage

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
09/02/2023, 02:28

Sharing

Report Analysis Logs

General

Target

5ac0407cab35e2df05edae2cf19a586bcf3e57d5a912f0af4982d753915c88aa.exe
Size

13.6MB
MD5

21f22600138095e537e73b08d2f2a7e8
SHA1

a19a8bf3f1be15b0f5aaeb2ccc7e6c295e1fa48d
SHA256

5ac0407cab35e2df05edae2cf19a586bcf3e57d5a912f0af4982d753915c88aa
SHA512

17d3df426c3f022cc81aa6f51215d55a6e7234dc6fc091d10438a2c72e5e9a9ce54f569039dadd815c6c2488e273eb9085b41c4051159d1edc840b73e83fcdf9
SSDEEP

393216:5KDUiLyeN23ErL1m0fufMJ3mdAA9KeZeknQ:5oLyk2U34aubbW

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\5ac0407cab35e2df05edae2cf19a586bcf3e57d5a912f0af4982d753915c88aa.exe
"C:\Users\Admin\AppData\Local\Temp\5ac0407cab35e2df05edae2cf19a586bcf3e57d5a912f0af4982d753915c88aa.exe"
1⤵
PID:1264

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1264-54-0x0000000076711000-0x0000000076713000-memory.dmp

Filesize
8KB

Download