45438e0d6a47a90beea24d4bb1d0a4387032a12a9b7d64b2e08986cbfb264406 | Triage

Resubmissions

11-03-2023 15:20

230311-sqvv2abh7w 7

11-03-2023 13:56

230311-q8tpksbf8y 10

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
11-03-2023 13:56

Sharing

Report Analysis Logs

General

Target

babyk/decryptor.exe
Size

69KB
MD5

e1b2cfa88cc03d30a6f6268b72babbc4
SHA1

f75c083f9fef28ca9cd5d05c9172dc44477712d6
SHA256

4192105a7de1145b81bf2debf8940f3d3afe02f8237d57fbeaf108179b922f35
SHA512

2ac7011bb28a1cd53d6ff793923f0b9879b830154e9a0dd1c86406e1fd33507398b4575ffc11df08e6c27305e2ca69022594dc711a83a4f6c75f760f0ab495c2
SSDEEP

1536:Ei6+W1BBsrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2wARxYTs88:y+WhsrQLOJgY8Zp8LHD4XWaNH71dLdGo

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\babyk\decryptor.exe
"C:\Users\Admin\AppData\Local\Temp\babyk\decryptor.exe"
1⤵
PID:1368

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads