Vr.rar

General
Target

0x000300000001aced-248.exe

Filesize

620KB

Completed

25-11-2020 10:47

Score
8 /10
MD5

7f1c0fe70e588f3bead08b64910b455e

SHA1

b0d78d67ee8a703e2c5dff5f50b34c504a91cfee

SHA256

4788a1207c8a83d6051a12d1bbc63e889fbf142e9479c8d2919e8dcb0e4a6cc4

Malware Config
Signatures 4

Filter: none

  • Executes dropped EXE
    SmartClock.exe

    Reported IOCs

    pidprocess
    2372SmartClock.exe
  • Drops startup file
    0x000300000001aced-248.exe

    Reported IOCs

    descriptioniocprocess
    File createdC:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartClock.lnk0x000300000001aced-248.exe
  • Suspicious behavior: AddClipboardFormatListener
    SmartClock.exe

    Reported IOCs

    pidprocess
    2372SmartClock.exe
  • Suspicious use of WriteProcessMemory
    0x000300000001aced-248.exe

    Reported IOCs

    descriptionpidprocesstarget process
    PID 640 wrote to memory of 23726400x000300000001aced-248.exeSmartClock.exe
    PID 640 wrote to memory of 23726400x000300000001aced-248.exeSmartClock.exe
    PID 640 wrote to memory of 23726400x000300000001aced-248.exeSmartClock.exe
Processes 2
  • C:\Users\Admin\AppData\Local\Temp\0x000300000001aced-248.exe
    "C:\Users\Admin\AppData\Local\Temp\0x000300000001aced-248.exe"
    Drops startup file
    Suspicious use of WriteProcessMemory
    PID:640
    • C:\Users\Admin\AppData\Roaming\Smart Clock\SmartClock.exe
      "C:\Users\Admin\AppData\Roaming\Smart Clock\SmartClock.exe"
      Executes dropped EXE
      Suspicious behavior: AddClipboardFormatListener
      PID:2372
Network
MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Replay Monitor
                          00:00 00:00
                          Downloads

                          • C:\Users\Admin\AppData\Roaming\Smart Clock\SmartClock.exe

                            MD5

                            7f1c0fe70e588f3bead08b64910b455e

                            SHA1

                            b0d78d67ee8a703e2c5dff5f50b34c504a91cfee

                            SHA256

                            4788a1207c8a83d6051a12d1bbc63e889fbf142e9479c8d2919e8dcb0e4a6cc4

                            SHA512

                            e5c5227943683851d393328d41c86066ece40f6813533f010963f5515d369d3aa57175f169aef9f428deca38810be75ee8d40b735a0af8826fd7c1bb444b1a84

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Smart Clock\SmartClock.exe

                            MD5

                            7f1c0fe70e588f3bead08b64910b455e

                            SHA1

                            b0d78d67ee8a703e2c5dff5f50b34c504a91cfee

                            SHA256

                            4788a1207c8a83d6051a12d1bbc63e889fbf142e9479c8d2919e8dcb0e4a6cc4

                            SHA512

                            e5c5227943683851d393328d41c86066ece40f6813533f010963f5515d369d3aa57175f169aef9f428deca38810be75ee8d40b735a0af8826fd7c1bb444b1a84

                            Download Submit

                          • memory/640-0-0x0000000006410000-0x0000000006411000-memory.dmp

                            Download

                          • memory/2372-2-0x0000000000000000-mapping.dmp

                            Download

                          • memory/2372-5-0x0000000006480000-0x0000000006481000-memory.dmp

                            Download

                          • memory/2372-6-0x0000000006480000-0x0000000006481000-memory.dmp

                            Download