Overview

overview

10

Static

static

10

vbc.exe

windows7_x64

10

vbc.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    40s
  • max time network
    42s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    19-05-2022 14:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vbc.exe

  • Size

    1.2MB

  • MD5

    77cd3eac0feb00d232d794c3880b9e91

  • SHA1

    e258c7782240346e9a3e9897bd1629bbd40dbd15

  • SHA256

    ea4ff2f24588108641954f72800aabab7348ccc64d86f8293dd23cfc45f5faa1

  • SHA512

    16162f31e50f6f4025f0e0996338e6fb29c3cb20754da8835637a0e9b7c8bd432e8c4ded9febd97cabd4830c5c3940e6ad9b56afcd73c9d447a3d62d92951911

Score
10/10
coreentity

Malware Config

Signatures

  • CoreEntity .NET Packer 1 IoCs

    A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

    coreentity
  • Uses the VBS compiler for execution 1 TTPs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\vbc.exe
    "C:\Users\Admin\AppData\Local\Temp\vbc.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1056
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 548
      2⤵
      • Program crash
      PID:1984

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1056-54-0x0000000000950000-0x0000000000A82000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/1984-55-0x0000000000000000-mapping.dmp
    Download