fb106bdcc87af611308e809356192c7bb934a8621a07d7dc7e1876e0cea5eb1f

Resubmissions

01/03/2024, 15:25

240301-stvz7sha8w 6

01/03/2024, 13:53

240301-q7da7sgg62 3

Analysis

max time kernel
1483s
max time network
1496s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
01/03/2024, 13:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

destroy-securly-main/style.css
Size

567B
MD5

5fcfafd12c7603ea096508f49bfcdfb9
SHA1

9ebff76b748de38bb4efd51bd3b92ad083ad46ee
SHA256

69346fb20cf66a20d64c551fcc24d8d5f46a41aceb36adef48b5b647cf7acfff
SHA512

550edd8744ad301455d6aaf845c46da53dd3a6a2fe382737474a96976438f60cd37d28926956e97e04bfb220f1c67032b6179e477bc0dd8dbbb4a6c6a9f8a495

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings	cmd.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3460 wrote to memory of 3272	3460	cmd.exe	80
PID 3460 wrote to memory of 3272	3460	cmd.exe	80

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\destroy-securly-main\style.css
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3460
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\destroy-securly-main\style.css
  2⤵
  PID:3272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...