Analysis
-
max time kernel
91s -
max time network
93s -
platform
windows7_x64 -
resource
win7v20210410 -
submitted
18-07-2021 10:42
General
-
Target
8b7f63f120e527135f9bb9a3d7621120.exe
-
Size
408KB
-
MD5
8b7f63f120e527135f9bb9a3d7621120
-
SHA1
70c4b402faade6530f0f0e3a8ccc452f1c2773e7
-
SHA256
47b95432a7ec3c68256b6948f59130459d15230e6e91d77f0baa2e55cb9642f4
-
SHA512
67f4f0612aac3c7a57f39918ef260496d2e695f5cc3217d4d48661c23c9d2f6a8834c2c7cd965f1564b19eb9a12185a2ce50745d26913cd6ffcd94632410170b
Score
10/10
Malware Config
Signatures
-
DarkVNC
DarkVNC is a malicious version of the famous VNC software.
-
DarkVNC Payload 3 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8b7f63f120e527135f9bb9a3d7621120.exe"C:\Users\Admin\AppData\Local\Temp\8b7f63f120e527135f9bb9a3d7621120.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1676-60-0x0000000075971000-0x0000000075973000-memory.dmpFilesize
8KB
-
memory/1676-63-0x0000000000220000-0x00000000002A8000-memory.dmpFilesize
544KB
-
memory/1676-64-0x0000000000400000-0x00000000008D0000-memory.dmpFilesize
4.8MB
-
memory/1716-61-0x0000000000000000-mapping.dmp
-
memory/1716-62-0x000007FEFBE41000-0x000007FEFBE43000-memory.dmpFilesize
8KB
-
memory/1716-65-0x0000000000100000-0x0000000000101000-memory.dmpFilesize
4KB
-
memory/1716-66-0x0000000001B00000-0x0000000001BCA000-memory.dmpFilesize
808KB