Analysis
max time kernel: 31s
max time network: 34s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
submitted: 26-01-2023 02:35
Static task: static1
Behavioral task: behavioral1
  Sample: NDAPersonalData/f1acdf0794d290dbd6ef4bdc77292a24.Lnk.lnk
  Resource: win7-20221111-en
  Platform: windows7-x64
  2 signatures
  150 seconds
Behavioral task: behavioral2
  Sample: NDAPersonalData/f1acdf0794d290dbd6ef4bdc77292a24.Lnk.lnk
  Resource: win10v2004-20221111-en
  Platform: windows10-2004-x64
  6 signatures
  150 seconds
General
Target: NDAPersonalData/f1acdf0794d290dbd6ef4bdc77292a24.Lnk.lnk
Size: 2KB
MD5: f1acdf0794d290dbd6ef4bdc77292a24
SHA1: 248a8e6c8a2af76e49e7b8b1b5b759cecb0be4ee
SHA256: e0d6aa1f52db325526b489597e449a853a37585e57be01569059619199cb43de
SHA512: 6fdf61b54b207f3b4a06b7e7dd45f60982b8db3c0d3e214d6828fa0ed1ad961d4fb5e820fe7a361e8026c9ba6507b8597c9b77f2bd7911c08328bfa2760ae4c5
Score: 3/10
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: cmd.exe
description                      | pid  | process | target process | PID
PID 1292 wrote to memory of 428  | 1292 | cmd.exe | rundll32.exe   | 428
PID 1292 wrote to memory of 428  | 1292 | cmd.exe | rundll32.exe   | 428
PID 1292 wrote to memory of 428  | 1292 | cmd.exe | rundll32.exe   | 428