Analysis

  • max time kernel
    2s
  • max time network
    11s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    03-07-2021 10:44

General

  • Target

    1234ece43aa87d86c894c56e624542f1.exe

  • Size

    406KB

  • MD5

    1234ece43aa87d86c894c56e624542f1

  • SHA1

    269434459fefa03f3953eef1884b346610dd1b94

  • SHA256

    21dbbf625ccd9bf9aae178bf9a5ff84db58aea912166836924b7aa9bbce0443c

  • SHA512

    649475a6b92e0411e6fdd8618fec5835b1f0357f3b8586a3de042dc04261f6251d40d0e1036884ed199af65b1b53c03848214f35cdae1ef47226c80462c44519

Score: 10/10

Malware Config

Signatures

  • DarkVNC

    DarkVNC is a malicious version of the famous VNC software.

  • DarkVNC Payload (2 IoCs)
  • Suspicious use of SetThreadContext (1 IoC)
  • Suspicious behavior: MapViewOfSection (1 IoC)
  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\1234ece43aa87d86c894c56e624542f1.exe
    "C:\Users\Admin\AppData\Local\Temp\1234ece43aa87d86c894c56e624542f1.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1084
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe
      2⤵
        PID:1720

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1084-59-0x00000000752F1000-0x00000000752F3000-memory.dmp

    Filesize: 8KB

  • memory/1084-62-0x00000000002E0000-0x0000000000368000-memory.dmp

    Filesize: 544KB

  • memory/1084-63-0x0000000000400000-0x000000000060F000-memory.dmp

    Filesize: 2.1MB

  • memory/1720-61-0x000007FEFBD91000-0x000007FEFBD93000-memory.dmp

    Filesize: 8KB

  • memory/1720-64-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize: 4KB