General

Target: intelsoftwareassetmanagerservice.exe
Filesize: 3MB
Completed: 20-05-2022 12:28
Task: behavioral1
Score: 1/10
MD5: 5bdebce7118d30a387fec0f9329c5437
SHA1: 83a66c54772017c6fa0e243bcf5bbfebd2c29518
SHA256: b8f8ddaba5754af65c9b7c762d69e1b2bd3702307c41589977759d813bf78635
SHA512: 96676730f1529972ee7f6582d43d856ffeed4706d26042c961ed14598eb03c0be410c1fe4d993b5a2eb594a7de0eba5b9004c713e29ae7e932947beda1de80b4

Malware Config
Signatures 1

  • Opens file in notepad (likely ransom note)
    NOTEPAD.EXE

    Reported IOCs

    pid   process
    1788  NOTEPAD.EXE
Processes 3
  • C:\Users\Admin\AppData\Local\Temp\intelsoftwareassetmanagerservice.exe
    "C:\Users\Admin\AppData\Local\Temp\intelsoftwareassetmanagerservice.exe"
    PID:1996
  • C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\ReceiveHide.inf
    Opens file in notepad (likely ransom note)
    PID:1788
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
    PID:748
Network
MITRE ATT&CK Matrix
Downloads
  • memory/748-55-0x0000000075841000-0x0000000075843000-memory.dmp
  • memory/748-56-0x00000000729C1000-0x00000000729C3000-memory.dmp
  • memory/1788-54-0x000007FEFBFD1000-0x000007FEFBFD3000-memory.dmp