3a6b19027ddb769a13571ba37693a8979898ed2dc0522ff72548f940a5347d6f | Triage

Analysis

max time kernel
151s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
05-03-2023 04:33

Sharing

Report Analysis Logs

General

Target

3a6b19027ddb769a13571ba37693a8979898ed2dc0522ff72548f940a5347d6f.exe
Size

5.5MB
MD5

d8dc3d14960306f43fe906cee37fba2c
SHA1

0c21904e5410f89c19043a4eb67152c24bc8b1b5
SHA256

3a6b19027ddb769a13571ba37693a8979898ed2dc0522ff72548f940a5347d6f
SHA512

b68df47dffb0bae685b6e0f3ceaa5443a3d0e177a9b9fee6904722de66734d1d22d18f081a6e03a3f69d4b0102d3f7b95b24996b41c75f093170ca57a942f228
SSDEEP

98304:KAp+zrYBsMYLrtwn3iwINfRsMetfvcDniz7fIAyAND3pU7F8NpYNq:BUzUsRr7NfRsM2fvciTIfAB3KKb

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\3a6b19027ddb769a13571ba37693a8979898ed2dc0522ff72548f940a5347d6f.exe
"C:\Users\Admin\AppData\Local\Temp\3a6b19027ddb769a13571ba37693a8979898ed2dc0522ff72548f940a5347d6f.exe"
1⤵
PID:904

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/904-73-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download