Analysis
-
max time kernel
14s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
19/11/2024, 13:24
General
-
Target
11a16f65bc93892eb674e05389f126eb10b8f5502998aa24b5c1984b415f9d18.lnk
-
Size
292.5MB
-
MD5
725f2f61dadde4dd4ea0c4ad8666cd2a
-
SHA1
5b87ffd40088e98e37d889ed0ca08ff237440a1b
-
SHA256
11a16f65bc93892eb674e05389f126eb10b8f5502998aa24b5c1984b415f9d18
-
SHA512
611d66b543d7a86b98778b99db429b3998afa9f4b0a7b744f5ec1fb3e3180653fe13e0ef6f8d75e09e7309f6aac0a9aa76a6c27486b0ad836fd98e24c5b5e977
-
SSDEEP
12288:4kz23N5x1aD1vsNcccVFpZxhASzeql05TjeKR3ePe/:/65x1aRi3CfPvl0FjeHm/
Score
6/10
Malware Config
Signatures
-
Deobfuscate/Decode Files or Information 1 TTPs 2 IoCs
Payload decoded via CertUtil.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\11a16f65bc93892eb674e05389f126eb10b8f5502998aa24b5c1984b415f9d18.lnk1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c if exist C:\Users\Admin\AppData\Local\Temp\temp1_CC3USWBBB.zip\CCBBB3US-W7YTK.pdf..lnk (certutil.exe -decode C:\Users\Admin\AppData\Local\Temp\temp1_CC3USWBBB.zip\CCBBB3US-W7YTK.pdf..lnk C:\Users\Admin\AppData\Local\Temp\.hta&start C:\Users\Admin\AppData\Local\Temp\.hta)else (certutil -decode CCBBB3US-W7YTK.pdf..lnk C:\Users\Admin\AppData\Local\Temp\.hta&start C:\Users\Admin\AppData\Local\Temp\.hta)2⤵
- Deobfuscate/Decode Files or Information
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\certutil.execertutil -decode CCBBB3US-W7YTK.pdf..lnk C:\Users\Admin\AppData\Local\Temp\.hta3⤵
- Deobfuscate/Decode Files or Information
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB