Analysis
-
max time kernel
102s -
max time network
140s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20241023-en -
resource tags
-
submitted
30-11-2024 06:23
General
-
Target
(Full Package) One Click OPT Ver - 6.7/Defragment.lnk
-
Size
2KB
-
MD5
6c641c68dc0ee3f1f976edf0ee45fb28
-
SHA1
4cf48563afa0f6eedbbe1f9858bc53f8e58a4667
-
SHA256
307c3aab509575221348e3ce86db6ffe829f26267748af662ee164815ea441ad
-
SHA512
38958301b98d82b0d26ef588e872a43fb3063df5e61a05a68e986d897caf474703dd65027c9e17635ac58a4790a1505f9d8681fa44ab332eb47c7f4f6577ccad
Score
7/10
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 2 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\(Full Package) One Click OPT Ver - 6.7\Defragment.lnk"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\dfrgui.exe"C:\Windows\System32\dfrgui.exe"2⤵
-