b82edd7205a215c5cce4ee969d9ca9b542771bf7e8764ce5b04f992dcfba9a0b | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
28-09-2022 16:20

Sharing

Report Analysis Logs

General

Target

REF.lnk
Size

1KB
MD5

38fa8e007b5a303f030aec01aaa0a739
SHA1

6e99bd47908fc110d963c47301f801a498591bce
SHA256

e800ed724d43fb522c18bdda737c52dab1a55eda7e45577c2564ad33390a3e3b
SHA512

44426223d563ad3300bc67bcd1e3b8288592b1c14bf4d740ccd3339533bf1191e81f3bc5f4965f6679344e2554d0a28c9aea5be8ea80a87a432339306f7a2c69

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\REF.lnk
1⤵
PID:1972

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1972-54-0x000007FEFBD21000-0x000007FEFBD23000-memory.dmp

Filesize
8KB

Download