f8ae0a8e7770dd0e3e68cf99b2d9e5d7152a39ca788e2ddfcf93b2118e4649c4 | Triage

Analysis

max time kernel
29s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
26-11-2022 18:20

Sharing

Report Analysis Logs

General

Target

edithtm/jsp/file_manager_json.asp
Size

4KB
MD5

bd631547ab8fb1ab0044ae21755e0df4
SHA1

7a31655196baec72ac4bdce1f1b8c5cffe213c6a
SHA256

7fe4e95368dfcf900b11eed60421b077f42f3d77bf9d6113cc3416b0ed8e9bd0
SHA512

d57790523d43630e511fe040aa775630c36bd0dc299c20fde84ec7c767950ac20ee47bb19d74d7e1b9aa28c97b0e18ad014106ed5a53ed7955f286aa4c8e4144
SSDEEP

96:KpqmIJtIs4JzTlvUSCCrH9zBxhq6KMw9ToAp/U0jfXaIBE50zn5574zVqz4g74zV:KsvIsElvUSHd9bnKMw2ApM0zaIBE50rW

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\edithtm\jsp\file_manager_json.asp
1⤵
PID:1880

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1880-54-0x000007FEFC481000-0x000007FEFC483000-memory.dmp

Filesize
8KB

Download