edcb8d8e80eb826ec95ed9ccdc1d4470c3edd1782350187fc9bcd776c6d96095

Resubmissions

06-12-2022 06:15

221206-gzxv7sbc77 3

02-12-2022 17:00

221202-vjcrzsbc51 10

Analysis

max time kernel
365s
max time network
434s
platform
windows10-1703_x64
resource
win10-20220812-es
resource tags

arch:x64arch:x86image:win10-20220812-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
06-12-2022 06:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Claim_PE84.vhd
Size

2.0MB
MD5

2fe68553beb0a7b084f1b349d6551d9c
SHA1

c7e8f7b9313e876b10623840989fb07c00203930
SHA256

edcb8d8e80eb826ec95ed9ccdc1d4470c3edd1782350187fc9bcd776c6d96095
SHA512

cf9d306a0948217c32dd865a1926c18405cb0e24aef2eadd4bdd81bf9376783fa1a44de90ddc0926e4e6f41094cff99869b325b6d22a200f8f8161ee177fc0a1
SSDEEP

24576:/wWw8wewswUwBw6gwsw3wTOZqHk2JajfRO8:/wWw8wewswUwBw6gwsw3waZaUY8

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings	cmd.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Claim_PE84.vhd
1⤵
- Modifies registry class
PID:4144

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads