e5d4292ecf0f3e2c0f49c14054dd38fd3bb406dbdf6cb57c4cb51ba381323491

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16/10/2024, 22:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TypeSupport/Unicode/Mappings/Mac/TURKISH.txt
Size

12KB
MD5

6bfac3d4ab3ac941a0b2a29a56de6f64
SHA1

cdc38c3e0de96c3f2b50448cf3dcf42d52e7e243
SHA256

9ecde6f591caed9c2ce4438884da5f22e35fbdbb97e8d80b43129b23a6791891
SHA512

1e2645df84c5392b09e85dac63970ba49dec9dee63c06548f7717fbfca2643646c1668202217ec836a663c4938fa45774d3c7a9a7254b926d75b0a32c90fd3ee
SSDEEP

192:y7gi8BsiHoGV1zjbweEZGWRBnBb7ec56ZcjVNs0sDTZLzGYpfzRzUUbc3jTpGNlw:WgDsiX1zjbweTWRRBb7e6vY9Gka3

Score

3^/10

discovery

Malware Config

Signatures

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1456	NOTEPAD.EXE

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1456	NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\TypeSupport\Unicode\Mappings\Mac\TURKISH.txt
1⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Opens file in notepad (likely ransom note)
PID:1456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...