d80d33cf63c15b5804e7dc096733026a01c300aac0e36cff5c9721adaebb1b2c

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 08:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

中体彩2024年度员工晋升材料/中体彩2024年度员工晋升材料报名表.pdf.lnk
Size

727B
MD5

c02c168c1c97d6f113b88cb8c1ddedf9
SHA1

ee235ca5916d3003eab418dd9a3e2e0286bc3852
SHA256

cd029ad0d35e589c6340a33b094a3ae866648e4b93926ad7b3278d1531b583f3
SHA512

857ca5cacd21d194288a82a60a0cab439cde23beef5ebb4f83a4cb0a60694ff32c83682e4414355e26a59d4c73c29c2cac538107ee5cb95bf001b66582d6f569

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 2524	2860	cmd.exe	29
PID 2860 wrote to memory of 2524	2860	cmd.exe	29
PID 2860 wrote to memory of 2524	2860	cmd.exe	29
PID 2684 wrote to memory of 2588	2684	explorer.exe	31
PID 2684 wrote to memory of 2588	2684	explorer.exe	31
PID 2684 wrote to memory of 2588	2684	explorer.exe	31

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\中体彩2024年度员工晋升材料\中体彩2024年度员工晋升材料报名表.pdf.lnk
1⤵
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" ".\其他信息\.__MACOS__\.__MACOS__\._MACOSX_\osd.com"
  2⤵
  PID:2524

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:2684
- C:\Users\Admin\AppData\Local\Temp\中体彩2024年度员工晋升材料\其他信息\.__MACOS__\.__MACOS__\._MACOSX_\osd.com
  "C:\Users\Admin\AppData\Local\Temp\中体彩2024年度员工晋升材料\其他信息\.__MACOS__\.__MACOS__\._MACOSX_\osd.com"
  2⤵
  PID:2588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2588-36-0x0000000071EE0000-0x0000000073436000-memory.dmp

Filesize
21.3MB

Download