Analysis

  • max time kernel
    40s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    09-06-2022 16:10

General

  • Target

    ScannedDocuments_8080655.lnk

  • Size

    1KB

  • MD5

    a43c525371ce9f2fcccba240a1fc5a33

  • SHA1

    9ec61778e8605c7bd304f84f0867ada794a2d9f0

  • SHA256

    89532ec32e52234cef6c82443cc08d3b9461d0a87d1cde778d8b5dfe34c54022

  • SHA512

    c405eae2c58cbca8005a4396b8572dcc7c82ba08a91b3cb83f9892b44204dfea44a8214804ed9addff6de6c21cf70888a8afc7c98cdca35681970d387780aad4

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\ScannedDocuments_8080655.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1380
    • C:\Windows\System32\rundll32.exe
      "C:\Windows\System32\rundll32.exe" scanned.dll,DllUnregisterServer
      2⤵
        PID:896

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Discovery

    System Information Discovery

    1
    T1082

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/896-88-0x0000000000000000-mapping.dmp
    • memory/1380-54-0x000007FEFB721000-0x000007FEFB723000-memory.dmp
      Filesize

      8KB