Overview

overview

10

Static

static

ab7a6153f8...1c.exe

windows7_x64

10

ab7a6153f8...1c.exe

windows10-2004_x64

7

Analysis

  • max time kernel
    167s
  • max time network
    185s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    16-05-2022 11:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ab7a6153f85d6b99b95cdc3997c6d3a75a7ae8f55d391d7d045d779a7a78201c.exe

  • Size

    78KB

  • MD5

    03dc3a78b445202a5051b9af86fd5a9b

  • SHA1

    db5c9b54adc50ddf1bea9746dd5bc76ed040e91a

  • SHA256

    ab7a6153f85d6b99b95cdc3997c6d3a75a7ae8f55d391d7d045d779a7a78201c

  • SHA512

    7a535ccea2208f46601ae6b2d494e7e39d9563656b67a8963616f0201d0e9095e017c0663372dbe4b164b9205e3aea106c0c0af6d722b745dca6890189fbb1a1

Score
7/10

Malware Config

Signatures

  • Uses the VBS compiler for execution 1 TTPs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ab7a6153f85d6b99b95cdc3997c6d3a75a7ae8f55d391d7d045d779a7a78201c.exe
    "C:\Users\Admin\AppData\Local\Temp\ab7a6153f85d6b99b95cdc3997c6d3a75a7ae8f55d391d7d045d779a7a78201c.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4364
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\9a69xj6r.cmdline"
      2⤵
        PID:1856

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Scripting

    1
    T1064

    Persistence

    Privilege Escalation

    Defense Evasion

    Scripting

    1
    T1064

    Credential Access

    Discovery

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\9a69xj6r.cmdline
      Filesize

      265B

      MD5

      e47de1543a3b73d4d1b99611267a5e41

      SHA1

      fc3ea1eec145de966b717f355669e8459d622ba3

      SHA256

      3d6a0cc9595f6f6a09c829d556b16224c42ffb7a8d19d9279c0e6273f67b2b61

      SHA512

      b53ab6181abbba2c50772987aed45586be38b2bd3f76a7a3d5086a96f642ffd32266bb93f275b259c880484cb6956b30b181ddc1b3f17a720502d2a3c3d22069

      Download Submit
    • memory/1856-133-0x0000000000000000-mapping.dmp
      Download
    • memory/4364-132-0x0000000074FF0000-0x00000000755A1000-memory.dmp
      Filesize

      5.7MB

      Download