63ade90920f3c771336089bd7fe255a76d81781c761347e8016d81eadd5ae687 | Triage

Analysis

max time kernel
45s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
26-09-2022 15:25

Sharing

Report Analysis Logs

General

Target

banners/aquaDisassociations.js
Size

225B
MD5

603256a9748d57cb0bc3ffb27c301970
SHA1

b6ba91e8f52a07ba984411ddda120359f3196ac7
SHA256

3c942da5ac014f728a65ddbbcb27539fb1d7e4cb4ef4523ff47d2627228048a1
SHA512

884e75e2fd0ef3944ff291d2785d786b1ca91d7cf945f0e4d8cc6a51a94b8d5cd82ad8294d02db003a6784021b6d0f0b03549dcebbe756fade9f6d43be10e064

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\banners\aquaDisassociations.js
1⤵
PID:1816

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1816-54-0x000007FEFC001000-0x000007FEFC003000-memory.dmp

Filesize
8KB

Download