Analysis
- max time kernel: 121s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
- submitted: 25-01-2024 17:17
Static task
static1
Behavioral task
behavioral1
Sample
75126e2a39a6a94659224d7a23ef89b6.lnk
Resource
win7-20231215-en
windows7-x64
2 signatures
150 seconds
General
- Target: 75126e2a39a6a94659224d7a23ef89b6.lnk
- Size: 1KB
- MD5: 75126e2a39a6a94659224d7a23ef89b6
- SHA1: 68466a6f174dd795e72ca4594b6fb877c37a1a34
- SHA256: 112b26dc8571aaed870ffc476252ef9fb67694cae8cf90f46927a5bc69b29382
- SHA512: 0e15a0618c126004cf7306a053a8e9cd5042183fc68aabcfa1966aa216c255c1893739cc37109922c2d016c0ab4407b04a44d8c2cd41a4e8ec91e873fdb4105e
Score
3/10
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: cmd.exe
  description | pid | process | target process
  PID 1752 wrote to memory of 2724 | 1752 | cmd.exe | cmd.exe
  PID 1752 wrote to memory of 2724 | 1752 | cmd.exe | cmd.exe
  PID 1752 wrote to memory of 2724 | 1752 | cmd.exe | cmd.exe
Processes
- C:\Windows\system32\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\75126e2a39a6a94659224d7a23ef89b6.lnk
  - Suspicious use of WriteProcessMemory
  PID:1752
  - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /c "start %cd%RECYCLER\0xFFD12566.exe &&C:\Windows\explorer.exe %cd%ابو طلال مخيمات
    PID:2724