8a38247ed0dbc08c8072077b3956e723aa664b3794deb693750092b023f81674 | Triage

Analysis

max time kernel
46s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 14:54

Sharing

Report Analysis Logs

General

Target

8a38247ed0dbc08c8072077b3956e723aa664b3794deb693750092b023f81674.asp
Size

74KB
MD5

a27fbd757d6cbee2d2f2a0183ff4b0f0
SHA1

24b8a2d15b233bd2b4e9284089e44fe3d5450744
SHA256

8a38247ed0dbc08c8072077b3956e723aa664b3794deb693750092b023f81674
SHA512

d490adc0835b0f904cca08c79a962941fbbdbc2891c219ad356732ed2e32b6e1722d302972fe237e0c45350b86bdf6fb051f2fa5829c9c7ca623e5f8cc875a2e
SSDEEP

1536:svtJVMLSgqEgD3SJVcS+5+AHByZpx5yaocdsgq/1Zpejk7BcC:svbamgqz+Ajcf7ocdVq/13+k7B5

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\8a38247ed0dbc08c8072077b3956e723aa664b3794deb693750092b023f81674.asp
1⤵
PID:1600

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1600-54-0x000007FEFB781000-0x000007FEFB783000-memory.dmp

Filesize
8KB

Download