Analysis
-
max time kernel
24s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
11/02/2023, 13:11
General
-
Target
project information.lnk
-
Size
987B
-
MD5
52318d33bcdb7be297b3fc01cb2b590c
-
SHA1
9c0e1191509c7d610c5e3cfbb8bc1b83b28fb03f
-
SHA256
da489201afe602684791b0a4b7b238df9f3549c276ccdcaeca8375f31f2b66dc
-
SHA512
27c48a86e08dcd3806f8989be739615f2c978da0dd216a43696590603be51867bff03d66e5bf808acd5d51ac203254b8eefd1d8dc6b9325ac5c0f3f2833ba8f2
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\project information.lnk"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c topicsMain.bat2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd.exe /c start /b /min copy /Y C:\Windows\System32\rundll32.exe C:\ProgramData\TUmLJFkwKhG.exe3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K copy /Y C:\Windows\System32\rundll32.exe C:\ProgramData\TUmLJFkwKhG.exe4⤵
-
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB