e3629b4015df4a38ebfc7c8eafc4b04121db092153c267c69ee2150bcaa83a15 | Triage

Submit
Reports

Overview

overview

5

Static

static

1

message__b...m_.eml

windows7-x64

5

message__b...m_.eml

windows10-2004-x64

3

aa.jpg

windows7-x64

3

aa.jpg

windows10-2004-x64

3

email-html-1.html

windows7-x64

1

email-html-1.html

windows10-2004-x64

1

Analysis

max time kernel
277s
max time network
280s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
24/03/2023, 00:48

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

message__bc40f957_6966_278e_fa52_79fd2c1a41b0_watchmesports_com_.eml

Resource

win7-20230220-en

windows7-x64

6 signatures

300 seconds

Behavioral task

behavioral2

Sample

message__bc40f957_6966_278e_fa52_79fd2c1a41b0_watchmesports_com_.eml

Resource

win10v2004-20230221-en

windows10-2004-x64

8 signatures

300 seconds

Behavioral task

behavioral3

Sample

aa.jpg

Resource

win7-20230220-en

windows7-x64

2 signatures

300 seconds

Behavioral task

behavioral4

Sample

aa.jpg

Resource

win10v2004-20230220-en

windows10-2004-x64

1 signatures

300 seconds

Behavioral task

behavioral5

Sample

email-html-1.html

Resource

win7-20230220-en

windows7-x64

6 signatures

300 seconds

Behavioral task

behavioral6

Sample

email-html-1.html

Resource

win10v2004-20230220-en

windows10-2004-x64

8 signatures

300 seconds

Report Analysis Logs

General

Target

aa.jpg
Size

45KB
MD5

21e079d5b903709d3c48cb84b0f8586d
SHA1

0a336833727c36d4292a2d3cd78bc63e5b24611a
SHA256

2581caaad5d13a81df987adb0c0e08bee13c856cd58b3e5fe0e30af2d4631241
SHA512

04065fe61c0d0d8aabeee31f58636f0d30484d77f01cd5da174153614fe39856ac5e31bcbeac94721f46c65154d175e8663a7a81829422402705ea72c8261aaa
SSDEEP

768:YRnjUeabpPCMOmtEcpWP9Hoxf0NkdKJLwZVNnir//7zGP8q:YiRCAGaWPWxfzwKNir//7iR

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Processes

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\aa.jpg
1⤵
PID:3928

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2025

Terms | Privacy