fb69d039004fb2efa8b1602189de4f18b62f3a6e8f5a804bb7a2d88a6655d428 | Triage

Analysis

max time kernel
38s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 15:27

Sharing

Report Analysis Logs

General

Target

fb69d039004fb2efa8b1602189de4f18b62f3a6e8f5a804bb7a2d88a6655d428.asp
Size

8KB
MD5

bb8de83cbe498e68bc8f8f88ef8f63a6
SHA1

c0dceba8aca4f3f175bac3222dec232a79a86d9c
SHA256

fb69d039004fb2efa8b1602189de4f18b62f3a6e8f5a804bb7a2d88a6655d428
SHA512

f3eb7789b2704a902a531d954b8b9a0ac4798974bbebfe242d4a8bc5b2a043ddcd0592ccac2f92b2ae97217b1b185cfc69a6f38fe6b8f718be058e32bfe2ec78
SSDEEP

192:nyXiurlGOaG7eMs6TTgpvfVd3l+LEXCTX0o/fE0f2wwszM/UO:nylrlGAW3TWHHEmf+UO

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\fb69d039004fb2efa8b1602189de4f18b62f3a6e8f5a804bb7a2d88a6655d428.asp
1⤵
PID:1644

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1644-54-0x000007FEFC311000-0x000007FEFC313000-memory.dmp

Filesize
8KB

Download