Resubmissions

02-10-2022 15:25

221002-stk51adhdn 10

30-09-2022 13:52

220930-q6sdqsdga9 10

Analysis

  • max time kernel
    147s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-10-2022 15:25

General

  • Target

    cadets/placeable.png

  • Size

    8KB

  • MD5

    48e0c25fbb3470df1eb11bc719f520eb

  • SHA1

    f4fb32021c08be6ba9353d64c7dfe50ea971b0ac

  • SHA256

    9f01c01d6ba9ca30ea726906ba83db16da37d8dcf727baa8ed7494634ea1043e

  • SHA512

    984c221e8876ef6fd951e27d600e11118bef283b55351e74449f0deb884f3cbcdc0ff6c0a0456519f1210aa2fd11329b7116f78470af916dc1e97ec1c28cd2bc

  • SSDEEP

    192:mPNtXcmZy2UJJCOq/9hs/2N9SfM6dvRsnfw4MUsLj7Aq3BO:mPNh385Jolm+d6Ynqng

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices ⋅ 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\cadets\placeable.png
    PID:1684

Network

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Execution

            Exfiltration

              Impact

                Initial Access

                  Lateral Movement

                    Persistence

                      Privilege Escalation

                        Replay Monitor

                        00:00 00:00

                        Downloads