Analysis
-
max time kernel
43s -
max time network
45s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
13-02-2023 19:00
General
-
Target
project information.lnk
-
Size
981B
-
MD5
ab75f98820d239a2f300d1258e65ff57
-
SHA1
9571afbbc444cdf6ede14c0996e6e915ef21baed
-
SHA256
0d395daea134bf3ad5d52e47424725842391ceef3fba206031038f9d9f570191
-
SHA512
9929dc69ce18949b9b6efb36d501bb92a7ae7f18a82f61245088de474258ab8c33e701bc4e5f52394a7bbe80bec48269989ada0ed989ef206e3040b27a45a6ea
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\project information.lnk"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c cookies.bat2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd.exe /c start /b /min copy /Y C:\Windows\System32\rundll32.exe C:\ProgramData\u9OwF0LTWHo.exe3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /K copy /Y C:\Windows\System32\rundll32.exe C:\ProgramData\u9OwF0LTWHo.exe4⤵
-
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB