Vr.rar

General
Target: 0x000100000001ad02-313.exe
Filesize: 620KB
Completed: 25-11-2020 10:47
Score: 8/10
MD5: 7f1c0fe70e588f3bead08b64910b455e
SHA1: b0d78d67ee8a703e2c5dff5f50b34c504a91cfee
SHA256: 4788a1207c8a83d6051a12d1bbc63e889fbf142e9479c8d2919e8dcb0e4a6cc4

Malware Config
Signatures 5

  • Executes dropped EXE
    SmartClock.exe

    Reported IOCs

    pid   process
    1720  SmartClock.exe
  • Drops startup file
    0x000100000001ad02-313.exe

    Reported IOCs

    description: File created
    ioc: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartClock.lnk
    process: 0x000100000001ad02-313.exe
  • Loads dropped DLL
    0x000100000001ad02-313.exe

    Reported IOCs

    pid   process
    1852  0x000100000001ad02-313.exe
    1852  0x000100000001ad02-313.exe
    1852  0x000100000001ad02-313.exe
  • Suspicious behavior: AddClipboardFormatListener
    SmartClock.exe

    Reported IOCs

    pid   process
    1720  SmartClock.exe
  • Suspicious use of WriteProcessMemory
    0x000100000001ad02-313.exe

    Reported IOCs

    description                       pid   process                     target process
    PID 1852 wrote to memory of 1720  1852  0x000100000001ad02-313.exe  SmartClock.exe
    PID 1852 wrote to memory of 1720  1852  0x000100000001ad02-313.exe  SmartClock.exe
    PID 1852 wrote to memory of 1720  1852  0x000100000001ad02-313.exe  SmartClock.exe
    PID 1852 wrote to memory of 1720  1852  0x000100000001ad02-313.exe  SmartClock.exe
Processes 2
  • C:\Users\Admin\AppData\Local\Temp\0x000100000001ad02-313.exe
    "C:\Users\Admin\AppData\Local\Temp\0x000100000001ad02-313.exe"
    Drops startup file
    Loads dropped DLL
    Suspicious use of WriteProcessMemory
    PID:1852
    • C:\Users\Admin\AppData\Roaming\Smart Clock\SmartClock.exe
      "C:\Users\Admin\AppData\Roaming\Smart Clock\SmartClock.exe"
      Executes dropped EXE
      Suspicious behavior: AddClipboardFormatListener
      PID:1720
Network
Downloads
  • C:\Users\Admin\AppData\Roaming\Smart Clock\SmartClock.exe
    MD5: 7f1c0fe70e588f3bead08b64910b455e
    SHA1: b0d78d67ee8a703e2c5dff5f50b34c504a91cfee
    SHA256: 4788a1207c8a83d6051a12d1bbc63e889fbf142e9479c8d2919e8dcb0e4a6cc4
    SHA512: e5c5227943683851d393328d41c86066ece40f6813533f010963f5515d369d3aa57175f169aef9f428deca38810be75ee8d40b735a0af8826fd7c1bb444b1a84

  • \Users\Admin\AppData\Roaming\Smart Clock\SmartClock.exe
    MD5: 7f1c0fe70e588f3bead08b64910b455e
    SHA1: b0d78d67ee8a703e2c5dff5f50b34c504a91cfee
    SHA256: 4788a1207c8a83d6051a12d1bbc63e889fbf142e9479c8d2919e8dcb0e4a6cc4
    SHA512: e5c5227943683851d393328d41c86066ece40f6813533f010963f5515d369d3aa57175f169aef9f428deca38810be75ee8d40b735a0af8826fd7c1bb444b1a84

  • memory/1720-6-0x0000000006190000-0x00000000061A1000-memory.dmp

  • memory/1720-4-0x0000000000000000-mapping.dmp

  • memory/1852-0-0x0000000005FE0000-0x0000000005FF1000-memory.dmp