1e78b4b33a66aa85b48064245234737e431f31ca386bccb882350b0ff4704437 | Triage

Analysis

max time kernel
42s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02-11-2022 18:15

Sharing

Report Analysis Logs

General

Target

Contract.lnk
Size

1KB
MD5

5937d8b20aa531c087ceaefa7514aa38
SHA1

5015143bdcfe8e8b23143cc012f659e07b940a06
SHA256

921a440fe4c00a8f2fbfd7717b4163d5fca18d000b3b1bd0bf72d0f2492582e5
SHA512

8b63651e8ef55c60f923761b927af2a59c1098ae6b727ba1074ca8aa4f42b5af1379e56cfc5491ea77b87666d94f013d5d67adccc6da88ee9f796173cf4fe96b

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Contract.lnk
1⤵
PID:1740

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1740-54-0x000007FEFB621000-0x000007FEFB623000-memory.dmp

Filesize
8KB

Download