ee35c220756359a5bdfdb7dee9c395880d6cf695283b11a19f843a7f8d15df1a | Triage

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23/11/2022, 19:46

Sharing

Report Analysis Logs

General

Target

dongchengkejico/Admin/Images/inc_lits.asp
Size

47KB
MD5

94344800d8bf0e17214f6368acf0ff19
SHA1

93dda0b2a8f8e58464b3afc0f009ebc93beceba8
SHA256

60a873c9bcda466277999599b9e777a48645e51a4882ff77b740474b4379afde
SHA512

714244b0fce82156af50adc537b1767c19cb6f78bb5adc926ca8fbaeb5dabbb69e76b28067f792891459718e1d74f52646d0482bdce073751fd8a7b81398fbf4
SSDEEP

768:uUV0Pm55QEvM+XwWLY0MNuolIl29cdVfdGEKyM6T5NbOAKogMHED4j2aY73jNxqE:l155FzwWLY0MAR29cffdJFdtOqgMHEDn

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\dongchengkejico\Admin\Images\inc_lits.asp
1⤵
PID:916

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/916-54-0x000007FEFC581000-0x000007FEFC583000-memory.dmp

Filesize
8KB

Download