Analysis
-
max time kernel
88s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
10-01-2023 17:31
General
-
Target
document01.lnk
-
Size
1KB
-
MD5
4230179e11830d5c25781306d113523b
-
SHA1
158c3323dc9d25981625bc1f4788ae4a9a6f5e60
-
SHA256
b3105f3b231b63e1e18f592d15acbba1fb1993e032360da28a14f41d60dad696
-
SHA512
342b01130dff4f62883602906245cf5ca4aa8e14ad397e07d7e383294d93dc826d43f32510648bcddd2295f0c082b5bf8f561b9b7bba302eecf23c9580e98c54
Score
7/10
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\document01.lnk1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c price.bat2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K copy /y C:\Windows\System32\rundll32.exe C:\ProgramData\cmVhpKJSis23S.exe3⤵
-
C:\Windows\system32\xcopy.exexcopy /h /y ipchains.dll C:\ProgramData\3⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1036-133-0x0000000000000000-mapping.dmp
-
memory/2180-134-0x0000000000000000-mapping.dmp
-
memory/4732-132-0x0000000000000000-mapping.dmp