d73ec03a1a06e0a1328a5f5f2d7eeb6c12d400a01302201a81cad78a2418be9d | Triage

Analysis

max time kernel
31s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
01-04-2023 09:58

Sharing

Report Analysis Logs

General

Target

d73ec03a1a06e0a1328a5f5f2d7eeb6c12d400a01302201a81cad78a2418be9d.exe
Size

9.4MB
MD5

caac64940c9eb95b47c08e95438c4b6d
SHA1

02eeab3bf937fc0b3ff6f27596954b74ecdc8839
SHA256

d73ec03a1a06e0a1328a5f5f2d7eeb6c12d400a01302201a81cad78a2418be9d
SHA512

6b31055550d4f5cc8749d9d81cca9a69aca263f02edda6ccf50c2ba68cb6a0872156071a1b39cbb65835d19d7994c2e91d4835ecfc480e1beec19379724974df
SSDEEP

196608:5aCLd2wz4EfGWvDGfh0JgHC8arVqZA8wDhiMub/cbJBWI+x6LPog:5aCLkWvDGggHWVVhiMuTQHWvKPog

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\d73ec03a1a06e0a1328a5f5f2d7eeb6c12d400a01302201a81cad78a2418be9d.exe
"C:\Users\Admin\AppData\Local\Temp\d73ec03a1a06e0a1328a5f5f2d7eeb6c12d400a01302201a81cad78a2418be9d.exe"
1⤵
PID:1796

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads