Analysis
-
max time kernel
149s -
max time network
148s -
platform
windows10_x64 -
resource
win10v20210410 -
submitted
13-05-2021 02:34
General
-
Target
badbbc572435a7bfb674faf5ddd5b25c1d7a85b95c5c1458d1c0aab89587f697.exe
-
Size
220KB
-
MD5
bb68d00e0de6d123328afb4532a01979
-
SHA1
5c09f5b4f318243f8e06da31ca4db1956d7934fa
-
SHA256
badbbc572435a7bfb674faf5ddd5b25c1d7a85b95c5c1458d1c0aab89587f697
-
SHA512
04355b8aa106a2ab939afe4813e3e6b3ca8d246be6133b9440bca9939536cf77976a4b67ad83a56e77e8876869e1dfe2875e7d55ada3e5acbde3a7bf4b448a26
Score
10/10
Malware Config
Signatures
-
Vobfus
A widespread worm which spreads via network drives and removable media.
-
Adds policy Run key to start application 2 TTPs 4 IoCs
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Script User-Agent 2 IoCs
Uses user-agent string associated with script host/environment.
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\badbbc572435a7bfb674faf5ddd5b25c1d7a85b95c5c1458d1c0aab89587f697.exe"C:\Users\Admin\AppData\Local\Temp\badbbc572435a7bfb674faf5ddd5b25c1d7a85b95c5c1458d1c0aab89587f697.exe"1⤵
- Adds policy Run key to start application
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx