12849756691c646e75dfd8770cf341b933e420319081be5ca1e4a5acb5d4d82c

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10-06-2024 01:16

Target

VirusShare_0a94f2a16a88133e68b00bbad62cdac0.lnk
Size

792B
MD5

0a94f2a16a88133e68b00bbad62cdac0
SHA1

d837c98de67c0a5d077d8f7d71223a3bf3e252fa
SHA256

12849756691c646e75dfd8770cf341b933e420319081be5ca1e4a5acb5d4d82c
SHA512

abe477d1866f263d036db9aed641c8103db31c7d267196229f290b27a38ebe1c773e7c92d2084fb4964f9819539f229a88f3bf2fbe65dc01170a52f1bd687298

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 2540	1368	cmd.exe	29
PID 1368 wrote to memory of 2540	1368	cmd.exe	29
PID 1368 wrote to memory of 2540	1368	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\VirusShare_0a94f2a16a88133e68b00bbad62cdac0.lnk
1⤵
- Suspicious use of WriteProcessMemory
PID:1368
- C:\WINDOWS\system32\rundll32.exe
  "C:\WINDOWS\system32\rundll32.exe" C:\DOCUME~1\ALLUSE~1\APPLIC~1\0jtob.dat,FG00
  2⤵
  PID:2540

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact