ca92051ba1da055bad08b16fddb1d65af97d7bce1cefbcdb0cb663a1703e6b99

Analysis

Target

PRODUCTS NEEDED.exe
Size

1.3MB
MD5

2c224577bf79c043800a200f474bb441
SHA1

4c5a1f02deaa523f2efdf6b7761ae18073111a22
SHA256

ca92051ba1da055bad08b16fddb1d65af97d7bce1cefbcdb0cb663a1703e6b99
SHA512

a67512cfdc1859efc18339f7a8bacd95167dcfea3382caaac95e130ae5cd330fdce9edbdaddaf2186141aefda00765916bc05117a741f2d0beceef9fc58e40e8

Score

7^/10

Uses the VBS compiler for execution 1 TTPs

Scripting
T1064
Suspicious use of SetThreadContext 1 IoCs

Processes:

PRODUCTS NEEDED.exe

description pid process target process

PID 320 set thread context of 1580 320 PRODUCTS NEEDED.exe vbc.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

dw20.exe

pid process

1520 dw20.exe

description	pid	process	target process
PID 320 set thread context of 1580	320	PRODUCTS NEEDED.exe	vbc.exe

pid	process
1520	dw20.exe

Suspicious use of WriteProcessMemory 13 IoCs

Processes:

PRODUCTS NEEDED.exevbc.exe

description	pid	process	target process
PID 320 wrote to memory of 1580	320	PRODUCTS NEEDED.exe	vbc.exe
PID 320 wrote to memory of 1580	320	PRODUCTS NEEDED.exe	vbc.exe
PID 320 wrote to memory of 1580	320	PRODUCTS NEEDED.exe	vbc.exe
PID 320 wrote to memory of 1580	320	PRODUCTS NEEDED.exe	vbc.exe
PID 320 wrote to memory of 1580	320	PRODUCTS NEEDED.exe	vbc.exe
PID 320 wrote to memory of 1580	320	PRODUCTS NEEDED.exe	vbc.exe
PID 320 wrote to memory of 1580	320	PRODUCTS NEEDED.exe	vbc.exe
PID 320 wrote to memory of 1580	320	PRODUCTS NEEDED.exe	vbc.exe
PID 320 wrote to memory of 1580	320	PRODUCTS NEEDED.exe	vbc.exe
PID 1580 wrote to memory of 1520	1580	vbc.exe	dw20.exe
PID 1580 wrote to memory of 1520	1580	vbc.exe	dw20.exe
PID 1580 wrote to memory of 1520	1580	vbc.exe	dw20.exe
PID 1580 wrote to memory of 1520	1580	vbc.exe	dw20.exe

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/320-59-0x0000000075051000-0x0000000075053000-memory.dmp

Filesize
8KB

Download
memory/320-60-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/320-61-0x00000000007C1000-0x00000000007C2000-memory.dmp

Filesize
4KB

Download
memory/1520-65-0x0000000000000000-mapping.dmp

Download
memory/1520-68-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/1580-62-0x0000000000400000-0x00000000004F2000-memory.dmp

Filesize
968KB

Download
memory/1580-63-0x00000000004EDE2E-mapping.dmp

Download
memory/1580-67-0x0000000001FF0000-0x0000000001FF1000-memory.dmp

Filesize
4KB

Download