e5d4292ecf0f3e2c0f49c14054dd38fd3bb406dbdf6cb57c4cb51ba381323491

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16-10-2024 22:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TypeSupport/Unicode/Mappings/win/CP1252.txt
Size

9KB
MD5

93fb108016f8a1e87e4129b21fe9984b
SHA1

f6d6b1cac29fdffe774e5175cb60970ba373a656
SHA256

fca3ab5882f0a562794f05d7f15a39157c59d7c07fcbac79ab7cf3d12c979541
SHA512

e0679ddb288423557170c09bf6848d6d8d74f9e70bd751131db7bd248446606db856a86af7ac8e3500b2950261de199a5ede444d8bf451ee1ccc6cc854151342
SSDEEP

192:YUsVb+Mu1eIqY/tJVLTjbew6SiNNzu6NSCYyhrt0K5n9dWGufxvH+Gv:Y93+qw7VLTjbewtUSLO+RV

Score

3^/10

discovery

Malware Config

Signatures

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3124	NOTEPAD.EXE

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3124	NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\TypeSupport\Unicode\Mappings\win\CP1252.txt
1⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Opens file in notepad (likely ransom note)
PID:3124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads