ee35c220756359a5bdfdb7dee9c395880d6cf695283b11a19f843a7f8d15df1a | Triage

Analysis

max time kernel
204s
max time network
462s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2022, 19:46

Sharing

Report Analysis Logs

General

Target

dongchengkejico/Admin/adddown.asp
Size

2KB
MD5

38de5e3baa09edd0ee8118929831957c
SHA1

04e13f0cb6ed360cb2e7ce6aa94f444b57efaf08
SHA256

875c452570c37c470201d4bb0fe2f2ce71188bd61faa89e7c7ca8982b1432f4b
SHA512

45313a34b959da58d1ae28ca1aa29b4f0af7ba63c284f4b5e0e0514169ead869643e77d192e3bee92f476a193df66d17e0773f107a18413eda1e04817bd0311a

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\dongchengkejico\Admin\adddown.asp
1⤵
PID:4176

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads