Resubmissions

    Date              Sample ID           Score
    24-08-2023 17:35  230824-v568qafh4y   3
    23-08-2023 19:18  230823-xz2gdsfa82   3
    23-08-2023 19:16  230823-xy925sfa76   3
    21-08-2023 09:54  230821-lw62xscb47   10
    21-08-2023 00:59  230821-bb4qysaa78   10

General

  • Target: book.pdf.lnk

  • Size: 1KB

  • Sample: 230821-lw62xscb47

  • MD5: 0185e0fc2f505312001e1a65e6783908

  • SHA1: 8e4cf0397ba32d233a515a5aca02751f6f9344c6

  • SHA256: 8b3162141ac545fa0ae63777748973b8ee88bb8234a917d5fb3238d2c2ca963d

  • SHA512: 1a484bb08401fd7476d37029fa753aa82af10aa702f30fa30568ff7eaf94b484e604bbff9f6b5a67179a7d708cf61bb767fa974e0a9f35e751d74d9a2dd4fefc

Score
10/10

Malware Config

Targets

    • Target: book.pdf.lnk (size, hashes and score 10/10 as listed under General)

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks