Analysis
max time kernel: 40s
max time network: 42s
platform: windows7_x64
resource: win7-20220414-en
submitted: 19-05-2022 14:24
Static task: static1
Behavioral task: behavioral1
Sample: vbc.exe
Resource: win7-20220414-en, windows7_x64
0 signatures
0 seconds
General
Target: vbc.exe
Size: 1.2MB
MD5: 77cd3eac0feb00d232d794c3880b9e91
SHA1: e258c7782240346e9a3e9897bd1629bbd40dbd15
SHA256: ea4ff2f24588108641954f72800aabab7348ccc64d86f8293dd23cfc45f5faa1
SHA512: 16162f31e50f6f4025f0e0996338e6fb29c3cb20754da8835637a0e9b7c8bd432e8c4ded9febd97cabd4830c5c3940e6ad9b56afcd73c9d447a3d62d92951911
Score: 10/10
Malware Config
Signatures
CoreEntity .NET Packer 1 IoCs
CoreEntity is a .NET packer that embeds its payload as a BitMap object, which is later decrypted.
Processes:
resource | yara_rule
behavioral1/memory/1056-54-0x0000000000950000-0x0000000000A82000-memory.dmp | coreentity
Uses the VBS compiler for execution 1 TTPs
Program crash 1 IoCs
Processes (WerFault.exe):
pid | pid_target | process | target process
1984 | 1056 | WerFault.exe | vbc.exe
Suspicious use of WriteProcessMemory 4 IoCs
Processes (vbc.exe):
description | pid | process | target process
PID 1056 wrote to memory of 1984 | 1056 | vbc.exe | WerFault.exe
PID 1056 wrote to memory of 1984 | 1056 | vbc.exe | WerFault.exe
PID 1056 wrote to memory of 1984 | 1056 | vbc.exe | WerFault.exe
PID 1056 wrote to memory of 1984 | 1056 | vbc.exe | WerFault.exe