Analysis
-
max time kernel
9s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
10-02-2023 21:08
General
-
Target
project information.lnk
-
Size
975B
-
MD5
c6b475cbf0af53b086df880b42c21409
-
SHA1
e8aa3b7fc99e14f92bf369efdac3f2b558914915
-
SHA256
ae981b4dd9a5b4a4d8a21250244216dc7e9ac03bd54048527f31d3554b66fad1
-
SHA512
8a9031fb1f0238c92ebf6d432b950c7f806dbb085a288f6bc0c120ff9f779a670169c320aac48784cad64b235fee845bc1e04037f18dbeb2dc5a3fcf30397dc7
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\project information.lnk"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c math.bat2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd.exe /c start /b /min copy /Y C:\Windows\System32\rundll32.exe C:\ProgramData\2XvdXuWL0hw1.exe3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K copy /Y C:\Windows\System32\rundll32.exe C:\ProgramData\2XvdXuWL0hw1.exe4⤵
-
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB