Overview

overview

7

Static

static

1

Device/Har...ZL.lnk

windows7-x64

3

Device/Har...ZL.lnk

windows10-2004-x64

7

Analysis

  • max time kernel
    94s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-09-2024 06:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Device/HarddiskVolume3/$Recycle.Bin/S-1-5-21-1609150881-1430008545-2034545098-1122/$R0H9FZL.lnk

  • Size

    850B

  • MD5

    b380de9c33f47a45008bbec8cca24120

  • SHA1

    df471da1deeb2a022e9e359b49a2fce890ff3d83

  • SHA256

    4297e0997a42a0fc83b869779532528567b4b6fd3e0f9d1baa66d749ae255146

  • SHA512

    b7c27caf6b197bd8b93759c2690e4747af975d64e9811de8ec6c7b3a3e0222874f5bf5014f60e0a60b7b9013abf2d4b836f43a6593678648f7c8806f2ed85019

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume3\$Recycle.Bin\S-1-5-21-1609150881-1430008545-2034545098-1122\$R0H9FZL.lnk
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3420
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe" /c start streamerdata\streamer.exe /AutoIt3ExecuteScript "streamerdata\stream.txt" 80vy22qQ3mi7Esu & exit
      2⤵
        PID:3240

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads