Analysis

  • max time kernel
    44s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    28-09-2022 19:07

General

  • Target

    FOCVIVH.exe

  • Size

    3.5MB

  • MD5

    85c27c29bcd669111e83ece79e7e0a62

  • SHA1

    24cb399e0de0896709242e3e2cc2b0435d5c206e

  • SHA256

    c7d3d775fda24b3244022a1488315c51a55d54e155b8e788583c0d50a4a9f5e9

  • SHA512

    9d01e2e090c553f3de1a85300f7faa36cee4a4e135ec47854529aaa1fe2fd2e0313b8202dbf875b6cc21e0a1ec46d1c1d379563ad7560470dd0a246c8bae7e99

  • SSDEEP

    24576:DqkwrOTxquuoM1iHVHv/Rkelbl1RWuetgVR04suAKluiCionxi3tWEvvbwDiqBQd:4uuoBVH7XRWFIDpkdj

Score
7/10

Malware Config

Signatures

  • Uses the VBS compiler for execution 1 TTPs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FOCVIVH.exe
    "C:\Users\Admin\AppData\Local\Temp\FOCVIVH.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:968
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
      "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe"
      2⤵
        PID:988

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Execution

    Scripting

    1
    T1064

    Defense Evasion

    Scripting

    1
    T1064

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/968-54-0x0000000000F20000-0x00000000012A6000-memory.dmp
      Filesize

      3.5MB

    • memory/968-55-0x00000000003C0000-0x0000000000426000-memory.dmp
      Filesize

      408KB