Analysis
-
max time kernel
44s -
max time network
47s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
28-09-2022 19:07
Static task
static1
Behavioral task
behavioral1
Sample
FOCVIVH.exe
Resource
win7-20220812-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
FOCVIVH.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
6 signatures
150 seconds
General
-
Target
FOCVIVH.exe
-
Size
3.5MB
-
MD5
85c27c29bcd669111e83ece79e7e0a62
-
SHA1
24cb399e0de0896709242e3e2cc2b0435d5c206e
-
SHA256
c7d3d775fda24b3244022a1488315c51a55d54e155b8e788583c0d50a4a9f5e9
-
SHA512
9d01e2e090c553f3de1a85300f7faa36cee4a4e135ec47854529aaa1fe2fd2e0313b8202dbf875b6cc21e0a1ec46d1c1d379563ad7560470dd0a246c8bae7e99
-
SSDEEP
24576:DqkwrOTxquuoM1iHVHv/Rkelbl1RWuetgVR04suAKluiCionxi3tWEvvbwDiqBQd:4uuoBVH7XRWFIDpkdj
Score
7/10
Malware Config
Signatures
-
Uses the VBS compiler for execution 1 TTPs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
FOCVIVH.exepid process 968 FOCVIVH.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
FOCVIVH.exedescription pid process Token: SeDebugPrivilege 968 FOCVIVH.exe -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
FOCVIVH.exedescription pid process target process PID 968 wrote to memory of 988 968 FOCVIVH.exe vbc.exe PID 968 wrote to memory of 988 968 FOCVIVH.exe vbc.exe PID 968 wrote to memory of 988 968 FOCVIVH.exe vbc.exe PID 968 wrote to memory of 988 968 FOCVIVH.exe vbc.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\FOCVIVH.exe"C:\Users\Admin\AppData\Local\Temp\FOCVIVH.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe"2⤵