ce20bc65910e2b8126f636cb836ccfc7f094d085c9c5010737c3b118206a73a3

Analysis

max time kernel
146s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
19-12-2024 17:55

Target

image/image.png.lnk
Size

1KB
MD5

42ef80c16cb0858bc3c1f4533186e442
SHA1

b547bfddd0e73a0398df737df997a6bd38a94e03
SHA256

2edc407526757964bdde102209955a67b90c0ce09b69f362ed1c38ab197841e6
SHA512

03522f7bdfbb991683cf1d39edfcd0728d35bb295b209553f925353c0f9d2ea11f0416516e1177b383f6c17a360fea4750f353fd555b41bca5890adb6b197533

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 5152 wrote to memory of 6072	5152	cmd.exe	78
PID 5152 wrote to memory of 6072	5152	cmd.exe	78

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\image\image.png.lnk
1⤵
- Suspicious use of WriteProcessMemory
PID:5152
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c C:\Users\kerem\OneDrive\Desktop\image\image.png
  2⤵
  PID:6072

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact