9000091904324b3e13a05631e4275fdb682116456bd49442f548bd1ff654a79a | Triage

Analysis

max time kernel
41s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 08:14

Sharing

Report Analysis Logs

General

Target

9000091904324b3e13a05631e4275fdb682116456bd49442f548bd1ff654a79a.lnk
Size

935B
MD5

cdb427accd45a570fa3959c2e6091527
SHA1

c6c51067ac47587bdf5cd1e3bed5fdead0168f9e
SHA256

9000091904324b3e13a05631e4275fdb682116456bd49442f548bd1ff654a79a
SHA512

7f6ddbc7f0b1d20a149e8b824a06611bcc64aa7195aa43137b1c920a79fb4609b17b569982bc7cd333132138b4be98d2e196a6738a4208f932f6ff5e948a3def

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\9000091904324b3e13a05631e4275fdb682116456bd49442f548bd1ff654a79a.lnk
1⤵
PID:1676

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1676-54-0x000007FEFB7B1000-0x000007FEFB7B3000-memory.dmp

Filesize
8KB

Download