ebcb7eafd26589b355646f656da095a3e8c99c29f515df55cd1b7d94180874ae

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
27-07-2024 02:06

Target

rv_luti_2024_roku.xlsx.lnk
Size

32KB
MD5

ccc8b9cd493472f0d518b807d3951fda
SHA1

f76898a4231b6fd71a22781156206a76568b9279
SHA256

6d93a42c2bffbf94f703b3bbe6e0e9026d76bfb501367bbeb1c2531e28ac6cab
SHA512

40bfa4428eb7a1fa21d2bf75b972196935e6710920827fe49bdae758e3262f761731c2921ea0ef460f8bd2319ff00270787c09888995a276648be7e0cd1580df
SSDEEP

48:808xwONuZDa46xCcgPcDpWdCZFXuGdZ+g:808KSuda46xCrPK9uL

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

powershell.exe

pid process

2776 powershell.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

powershell.exe

description pid process

Token: SeDebugPrivilege 2776 powershell.exe

pid	process
2776	powershell.exe

description	pid	process
Token: SeDebugPrivilege	2776	powershell.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 3012 wrote to memory of 2776	3012	cmd.exe	powershell.exe
PID 3012 wrote to memory of 2776	3012	cmd.exe	powershell.exe
PID 3012 wrote to memory of 2776	3012	cmd.exe	powershell.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\rv_luti_2024_roku.xlsx.lnk
1⤵
- Suspicious use of WriteProcessMemory
PID:3012

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/2776-38-0x000007FEF5E9E000-0x000007FEF5E9F000-memory.dmp

Filesize
4KB

Download
memory/2776-39-0x000000001B5E0000-0x000000001B8C2000-memory.dmp

Filesize
2.9MB

Download
memory/2776-40-0x00000000027E0000-0x00000000027E8000-memory.dmp

Filesize
32KB

Download
memory/2776-41-0x000007FEF5BE0000-0x000007FEF657D000-memory.dmp

Filesize
9.6MB

Download
memory/2776-42-0x000007FEF5BE0000-0x000007FEF657D000-memory.dmp

Filesize
9.6MB

Download
memory/2776-43-0x000007FEF5BE0000-0x000007FEF657D000-memory.dmp

Filesize
9.6MB

Download
memory/2776-44-0x000007FEF5BE0000-0x000007FEF657D000-memory.dmp

Filesize
9.6MB

Download
memory/2776-45-0x000007FEF5BE0000-0x000007FEF657D000-memory.dmp

Filesize
9.6MB

Download
memory/2776-46-0x000007FEF5BE0000-0x000007FEF657D000-memory.dmp

Filesize
9.6MB

Download