9d0ebc98d10447206e82459651d402da9c7fe9ed7a8899cdbb944b263cf3dae1 | Triage

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 18:00

Sharing

Report Analysis Logs

General

Target

9d0ebc98d10447206e82459651d402da9c7fe9ed7a8899cdbb944b263cf3dae1.asp
Size

74KB
MD5

aa8d82780889b5cafece4b91ccf74aa5
SHA1

2191642590fe02a4e1b8e3f4c529c76eeb94ab9e
SHA256

9d0ebc98d10447206e82459651d402da9c7fe9ed7a8899cdbb944b263cf3dae1
SHA512

389404717b963048d58c3282199cad05c19651511f7f12a2344e5f8be765db207033debc2150731c0837ab5aeed88041cf05e67e5a1139bb429edc68556d2ebc
SSDEEP

1536:31ZFdKJHum7qpAS3FM/6I7iwQsG1IiFASUPS2hEItDGGdVj9C:35dMHKpu6Eodv25hEItDGuVpC

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\9d0ebc98d10447206e82459651d402da9c7fe9ed7a8899cdbb944b263cf3dae1.asp
1⤵
PID:812

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/812-54-0x000007FEFB6B1000-0x000007FEFB6B3000-memory.dmp

Filesize
8KB

Download