8b89e7df4374d46bfab35e174ecf20f2f1401afee86fad3585b0084c05007f19 | Triage

Analysis

max time kernel
111s
max time network
41s
platform
windows7_x64
resource
win7v20210408
submitted
27-09-2021 01:05

Sharing

Report Analysis Logs

General

Target

PO N. 오르딘 338390208B,pdf.exe
Size

673KB
MD5

e8f7cefb49fe42b90abf1909ad447bec
SHA1

1bc891a06c4ab60d5b5d2ce82fe2fae202486078
SHA256

8b89e7df4374d46bfab35e174ecf20f2f1401afee86fad3585b0084c05007f19
SHA512

f2f8f041e8bb78890acd5421ae01c7af41ac52e83b3da7d1fdb95812b16400f40ac06c69983fd537b91d19e34b81c8674261c772cadd7629cfe8b4a41a9385b7

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\PO N. 오르딘 338390208B,pdf.exe
"C:\Users\Admin\AppData\Local\Temp\PO N. 오르딘 338390208B,pdf.exe"
1⤵
PID:760

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/760-59-0x0000000075051000-0x0000000075053000-memory.dmp

Filesize
8KB

Download