24b57e77a5882d5fed62413c233cdd01533b29e0eaa4c27f91d99bd13543c65a | Triage

Analysis

max time kernel
142s
max time network
183s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
09/03/2023, 15:29

Sharing

Report Analysis Logs

General

Target

OutlookEmoji-1678146613013df8687da-f60e-4f29-81ef-cdea64bb1ab2.png
Size

16KB
MD5

522980a010cf6f718bb50890ceddc2c9
SHA1

10f9bb0c40fe26b5ee2b9af9de038764e16d9e32
SHA256

f1bb823b6d9d92de821cc85bcd4c873fb4aa2d63ab9857ba8d5b9a179f4b4148
SHA512

72bf3d7bcfc1805eea0b3d20284c624466c421c6e552c4deb943ff47bb8afaea80bf8e1cefcfb1a9adf37accc89fb165015d05acdc169fc74a703a6eebae7bd4
SSDEEP

384:V/+J8cZ1/wA46hzrmd7r2iT5PS+an6Rq3iQFkt:GHwA46hbOPS+anqq3irt

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\OutlookEmoji-1678146613013df8687da-f60e-4f29-81ef-cdea64bb1ab2.png
1⤵
PID:1852

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads