32f4b7b56845b1c68dc066389ec709d48835150e6f8781cb938836ea381b88a3 | Triage

Analysis

max time kernel
57s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 11:23

Sharing

Report Analysis Logs

General

Target

run.bat
Size

13B
MD5

c63445a38455903301a58b7d4a537e92
SHA1

7487d515c1ad09e4d7c7e48fa4dc2dc5405666bf
SHA256

dd679686dbb331bb719b17883dc2e52f3bbd2f2b5f1d4fed3bb2dd1dd0d62206
SHA512

abf0a0df33705875e90d55fe23d9559afaa8e7b9d75391a2bfe2d848f6afa867dc25ae375e1e9b7e0dd12d27b26686c4a87a20fb70196d126cf6c8386f3b8059

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

cmd.exe

description ioc process

File opened (read-only) \??\E: cmd.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\run.bat"
1⤵
- Enumerates connected drives
PID:680

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads