Analysis
-
max time kernel
135s -
max time network
131s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
30-05-2022 17:56
General
-
Target
msvvcs/msvvcs.exe
-
Size
36KB
-
MD5
5ad9c956883633298c8e435d90d8394c
-
SHA1
d666343073acf7b97884bff37b2a902a78901b07
-
SHA256
b364c54bb671c0979964e13bf429ba4b128f0d3534d0b9c8de4958f2f37b93d4
-
SHA512
9def3c08808addcc232aabe6594297ddf25953e3002c44170387fcda942c26e83de87bda509d85dd4bdf6fc741172c0d27789a55efa5c41d171ab9205ba70882
Malware Config
Signatures
-
Detects Talisman variant of PlugX 2 IoCs
-
PlugX
PlugX is a RAT (Remote Access Trojan) that has been around since 2008.
-
Executes dropped EXE 1 IoCs
-
Drops file in System32 directory 1 IoCs
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Modifies data under HKEY_USERS 35 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\msvvcs\msvvcs.exe"C:\Users\Admin\AppData\Local\Temp\msvvcs\msvvcs.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd.exe /c schtasks /create /sc minute /mo 2 /tn "msvvcs" /tr "\"C:\ProgramData\msvvcs\msvvcs.exe\"" /ru "system"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /sc minute /mo 2 /tn "msvvcs" /tr "\"C:\ProgramData\msvvcs\msvvcs.exe\"" /ru "system"3⤵
- Creates scheduled task(s)
-
-
-
C:\Windows\system32\taskeng.exetaskeng.exe {22708FF8-7725-41A9-9AE6-88A875DD5C32} S-1-5-18:NT AUTHORITY\System:Service:1⤵
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\msvvcs\msvvcs.exeC:\ProgramData\msvvcs\msvvcs.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
205KB
MD595056f4bbd695d9b871799748b1da85d
SHA1739e0a4d7e890f7a0e83aa7cd82fb35cf2f8a85c
SHA256683cc375477485a47ceb6940b08b6844f58bd02eed03ad29ab89428bfb38884f
SHA51237285f29cc97b63092e067d7c7b58031f1324c5ee2c57cff55a1345d9b923969d7257eaf2804dafd73c8c43799a16fc0b1dfafef017a637d2115da14572b0af8
-
Filesize
36KB
MD55ad9c956883633298c8e435d90d8394c
SHA1d666343073acf7b97884bff37b2a902a78901b07
SHA256b364c54bb671c0979964e13bf429ba4b128f0d3534d0b9c8de4958f2f37b93d4
SHA5129def3c08808addcc232aabe6594297ddf25953e3002c44170387fcda942c26e83de87bda509d85dd4bdf6fc741172c0d27789a55efa5c41d171ab9205ba70882
-
Filesize
36KB
MD55ad9c956883633298c8e435d90d8394c
SHA1d666343073acf7b97884bff37b2a902a78901b07
SHA256b364c54bb671c0979964e13bf429ba4b128f0d3534d0b9c8de4958f2f37b93d4
SHA5129def3c08808addcc232aabe6594297ddf25953e3002c44170387fcda942c26e83de87bda509d85dd4bdf6fc741172c0d27789a55efa5c41d171ab9205ba70882
-
Filesize
224KB
-
Filesize
8KB
-
Filesize
208KB