Overview

overview

7

Static

static

1

4f1d22f6e4...58.lnk

windows7-x64

3

4f1d22f6e4...58.lnk

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    10/01/2024, 00:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4f1d22f6e4f77dba87075d6d85986f58.lnk

  • Size

    786B

  • MD5

    4f1d22f6e4f77dba87075d6d85986f58

  • SHA1

    e60588252910d87c27fd4d64e9c7c20fed6b72b8

  • SHA256

    d37c18ce72f517f8a42f85863e97ad88e810b01db37da56e7fac777a1e524406

  • SHA512

    024e8ace560400fd0642ceacb9def80ff8a4be50f9c6896ba8f8475719f2c69e176d6e2631003c686dffe67a167b2152b5532530dc0b1dc75c593aae5e3158b1

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\4f1d22f6e4f77dba87075d6d85986f58.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2968
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe" /c start ..\Skypee\omO.EXE explorer vzJDxzVJTUbGgaH("JUNEJQ==") & exit
      2⤵
        PID:2864

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads