36dba66d1f2fc0d8f0ff95c4fdeb344cdedb74e13dbc52f3c0c93950f1aee7bb

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 10:04

Target

36dba66d1f2fc0d8f0ff95c4fdeb344cdedb74e13dbc52f3c0c93950f1aee7bb.lnk
Size

1KB
MD5

d169e7e322410541a52c51ee22b226e9
SHA1

84dcde7aa966163774639b9f3ac2e86507919526
SHA256

36dba66d1f2fc0d8f0ff95c4fdeb344cdedb74e13dbc52f3c0c93950f1aee7bb
SHA512

6f341eee634c71e0bbf248c494aca2ee53029cddc8caf73a0387483f19515420b69bfdbe7a6ef141c43eb6448846d36d77acf27dee0e414db31f710d7d8a2e5a

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1628 wrote to memory of 2660	1628	cmd.exe	31
PID 1628 wrote to memory of 2660	1628	cmd.exe	31
PID 1628 wrote to memory of 2660	1628	cmd.exe	31

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\36dba66d1f2fc0d8f0ff95c4fdeb344cdedb74e13dbc52f3c0c93950f1aee7bb.lnk
1⤵
- Suspicious use of WriteProcessMemory
PID:1628
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c "History\^cache\3.e^xe 38334 1074"
  2⤵
  PID:2660

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact