1a06b268c8398494eff8a3e8532415383b6384552158ba26ad56f054814f4b25 | Triage

Analysis

max time kernel
15s
max time network
18s
platform
windows10-1703_x64
resource
win10-20220901-en
resource tags

arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
submitted
07-02-2023 19:08

Sharing

Report Analysis Logs

General

Target

maidservant/fiancees.jpg
Size

31KB
MD5

babafbabd2e5c512dfa2ce1ef7cdd96d
SHA1

5b0ea4a72778cb0c1995058d0c62945caff9e7de
SHA256

c79f86eb938e25f83971ede25ce82e0c1710f83ff09f0cb4677fcbcea0248929
SHA512

a9a3a32cd3b2d0e0e5893c5213780e28cd72b7d38e148941f0882a7fbd62bedcc91a1a91666b5980d4d7d245b43338b7c9b6656700ad5f4b15d93e55ad786072
SSDEEP

768:LtjYsBkznek481E0pYUXJCpF5hzrW11L2JpkvZWdkqvWBoTCoB/D3G:BswU894q2ZWXvWBo7/LG

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\maidservant\fiancees.jpg
1⤵
PID:3700

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads