Analysis
-
max time kernel
30s -
max time network
32s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
13-02-2023 18:55
General
-
Target
project requirements.lnk
-
Size
981B
-
MD5
9b512828eb27519424b4985ae1160075
-
SHA1
d73d9c30a84c83bcc54a53d42bff7d43eebba5b5
-
SHA256
14d23f1c4316b2748f257f72b3fdac993b304c73c58ebb12a754f27feb0050fc
-
SHA512
163d589c12c7214b5f0be5d1b7de78edd9e17d721c4de07c80a4c8a9895a116658212fd7d00c05588bb89c5b7eb1626b8ff2cf17ffb4f05a5700d27922c2f343
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\project requirements.lnk"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c samsung.bat2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd.exe /c start /b /min copy /Y C:\Windows\System32\rundll32.exe C:\ProgramData\G84IrBV5PP.exe3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K copy /Y C:\Windows\System32\rundll32.exe C:\ProgramData\G84IrBV5PP.exe4⤵
-
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB