95c56ade068a888b4cb3c8f3ee9a36d9fda16889864832584d3349d557260be7 | Triage

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/01/2024, 13:10

Sharing

Report Analysis Logs

General

Target

xiaofgw/Admin/Keep.asp
Size

139B
MD5

b93dee92af4de269a2bd40cf560ebd12
SHA1

3645814cae1ebbf36c99aaa15f7c752ed17d4925
SHA256

a33a46a57747609463958b62866d46e87ef690a11329b313d6e18836162598fb
SHA512

99fabf6977fc81a17f440260587cf0b47741468231929e69c2188480309399f97b946f5fab5d75b9ea848e150fdfb3a14fa9b5b9e15aba5fef9995bc6badfc3d

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\xiaofgw\Admin\Keep.asp
1⤵
PID:1652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1652-21-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download