Overview

overview

7

Static

static

1.lnk

windows7-x64

3

1.lnk

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/12/2022, 09:57

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1.lnk

  • Size

    1KB

  • MD5

    a4437af8405dde64eb3d4a0d3a7b5e36

  • SHA1

    1a7abe8054fd051d6d0c9fa7bfc61c2beaf9cf86

  • SHA256

    5270f742e681aec9baa479752333e1eac084ef2e7b949308ba42a3b9ebaae314

  • SHA512

    f68cdf6fe21622a86dbc94a824e0f4687ed6c1204d6e585cd65e208c6f3ef89592fe36134a99740d08bfde34418b155e55580fee80e83f4822b0c8aa413f8858

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\1.lnk
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2800
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c Invoice\YouContract.cmd A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0 1 2 3 4 5 6 7 8 9
      2⤵
        PID:2576

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads