Analysis
- max time kernel: 167s
- max time network: 185s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 16-05-2022 11:41
Static task: static1
Behavioral task: behavioral1
  Sample: ab7a6153f85d6b99b95cdc3997c6d3a75a7ae8f55d391d7d045d779a7a78201c.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: ab7a6153f85d6b99b95cdc3997c6d3a75a7ae8f55d391d7d045d779a7a78201c.exe
  Resource: win10v2004-20220414-en
General
- Target: ab7a6153f85d6b99b95cdc3997c6d3a75a7ae8f55d391d7d045d779a7a78201c.exe
- Size: 78KB
- MD5: 03dc3a78b445202a5051b9af86fd5a9b
- SHA1: db5c9b54adc50ddf1bea9746dd5bc76ed040e91a
- SHA256: ab7a6153f85d6b99b95cdc3997c6d3a75a7ae8f55d391d7d045d779a7a78201c
- SHA512: 7a535ccea2208f46601ae6b2d494e7e39d9563656b67a8963616f0201d0e9095e017c0663372dbe4b164b9205e3aea106c0c0af6d722b745dca6890189fbb1a1
Malware Config
Signatures
- Uses the VBS compiler for execution (1 TTPs)
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes: ab7a6153f85d6b99b95cdc3997c6d3a75a7ae8f55d391d7d045d779a7a78201c.exe
    description | pid | process
    Token: SeDebugPrivilege | 4364 | ab7a6153f85d6b99b95cdc3997c6d3a75a7ae8f55d391d7d045d779a7a78201c.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: ab7a6153f85d6b99b95cdc3997c6d3a75a7ae8f55d391d7d045d779a7a78201c.exe
    description | pid | process | target process
    PID 4364 wrote to memory of 1856 | 4364 | ab7a6153f85d6b99b95cdc3997c6d3a75a7ae8f55d391d7d045d779a7a78201c.exe | vbc.exe
    PID 4364 wrote to memory of 1856 | 4364 | ab7a6153f85d6b99b95cdc3997c6d3a75a7ae8f55d391d7d045d779a7a78201c.exe | vbc.exe
    PID 4364 wrote to memory of 1856 | 4364 | ab7a6153f85d6b99b95cdc3997c6d3a75a7ae8f55d391d7d045d779a7a78201c.exe | vbc.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\ab7a6153f85d6b99b95cdc3997c6d3a75a7ae8f55d391d7d045d779a7a78201c.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\ab7a6153f85d6b99b95cdc3997c6d3a75a7ae8f55d391d7d045d779a7a78201c.exe"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe (child process)
    Command line: "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\9a69xj6r.cmdline"
Network
MITRE ATT&CK Matrix (ATT&CK v6)
Downloads
- C:\Users\Admin\AppData\Local\Temp\9a69xj6r.cmdline
  Filesize: 265B
  MD5: e47de1543a3b73d4d1b99611267a5e41
  SHA1: fc3ea1eec145de966b717f355669e8459d622ba3
  SHA256: 3d6a0cc9595f6f6a09c829d556b16224c42ffb7a8d19d9279c0e6273f67b2b61
  SHA512: b53ab6181abbba2c50772987aed45586be38b2bd3f76a7a3d5086a96f642ffd32266bb93f275b259c880484cb6956b30b181ddc1b3f17a720502d2a3c3d22069
- memory/1856-133-0x0000000000000000-mapping.dmp
- memory/4364-132-0x0000000074FF0000-0x00000000755A1000-memory.dmp
  Filesize: 5.7MB