ec0f02edde4086d5f3dad2cd8fe33bbea9d68245f0d75affe2135ae0270a4543 | Triage

Resubmissions

18/08/2024, 08:26 UTC

240818-kbzlnsxfnm 10

18/08/2024, 08:17 UTC

240818-j6x6navale 10

Analysis

max time kernel
92s
max time network
95s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
18/08/2024, 08:17 UTC

Sharing

Report Analysis Logs

General

Target

Downloads/C963AEC1-6D52-EB4D-61BC-64DB2602EE5F/Everything.db
Size

28.7MB
MD5

5be65f749d8536954c242d0f541a21a6
SHA1

ff2a66004ec61337c1dc2be777c8ea1ed75a8308
SHA256

cf98330caf3aca7e70676b034507647c377bc487d8a666945b089d698de63b62
SHA512

d8076764c0888e63d823185fdba4392d2bcea14a2f94c367d7fdd863afff518e49ce2d6b4f815450bd5e394db791911ba489bf82be6e884d159cd4af3a2c3081
SSDEEP

196608:bIjBQFa5XQB4fsvXL++QiZhJL52KM7t+WWZBpTuk8B:bI1QFai4fsvXL++5Lr2KO5WZBsLB

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Downloads\C963AEC1-6D52-EB4D-61BC-64DB2602EE5F\Everything.db
1⤵
PID:1248

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle

No results found

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads