Analysis

  • max time kernel
    149s
  • max time network
    141s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    13-05-2021 13:20

General

  • Target

    e51d3176c31c1c695542b23cb34f30a2f538af8ea760818bbadbb3fbe2ff627a.exe

  • Size

    1.9MB

  • MD5

    ab1fd5d5b1d766c1fadbbc38a9f51aac

  • SHA1

    3bda84b42dd9dc5832ba48cbdf7e1c870050f911

  • SHA256

    e51d3176c31c1c695542b23cb34f30a2f538af8ea760818bbadbb3fbe2ff627a

  • SHA512

    91e05ba4e9d2b39f7c2eb7fd2ad1b7943a8451204b58d0ee69d0bbaaded3d3e6b0e952d10a0cc978273c097d972c50f31f8bf9f80b3021cf46cb5c5b2454be06

Score
10/10

Malware Config

Signatures

  • Vobfus

    A widespread worm which spreads via network drives and removable media.

  • Adds policy Run key to start application 2 TTPs 4 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Script User-Agent 2 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e51d3176c31c1c695542b23cb34f30a2f538af8ea760818bbadbb3fbe2ff627a.exe
    "C:\Users\Admin\AppData\Local\Temp\e51d3176c31c1c695542b23cb34f30a2f538af8ea760818bbadbb3fbe2ff627a.exe"
    • Adds policy Run key to start application
    • Adds Run key to start application
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious behavior: RenamesItself
    • Suspicious use of SetWindowsHookEx
    PID:2016

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/2016-114-0x0000000000400000-0x0000000000434000-memory.dmp
    Filesize

    208KB