c7d3d775fda24b3244022a1488315c51a55d54e155b8e788583c0d50a4a9f5e9

Analysis

max time kernel
44s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
28-09-2022 19:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FOCVIVH.exe
Size

3.5MB
MD5

85c27c29bcd669111e83ece79e7e0a62
SHA1

24cb399e0de0896709242e3e2cc2b0435d5c206e
SHA256

c7d3d775fda24b3244022a1488315c51a55d54e155b8e788583c0d50a4a9f5e9
SHA512

9d01e2e090c553f3de1a85300f7faa36cee4a4e135ec47854529aaa1fe2fd2e0313b8202dbf875b6cc21e0a1ec46d1c1d379563ad7560470dd0a246c8bae7e99
SSDEEP

24576:DqkwrOTxquuoM1iHVHv/Rkelbl1RWuetgVR04suAKluiCionxi3tWEvvbwDiqBQd:4uuoBVH7XRWFIDpkdj

Score

7^/10

Malware Config

Signatures

Uses the VBS compiler for execution 1 TTPs

Scripting
T1064
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

FOCVIVH.exe

pid process

968 FOCVIVH.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

FOCVIVH.exe

description pid process

Token: SeDebugPrivilege 968 FOCVIVH.exe

pid	process
968	FOCVIVH.exe

description	pid	process
Token: SeDebugPrivilege	968	FOCVIVH.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

FOCVIVH.exe

description	pid	process	target process
PID 968 wrote to memory of 988	968	FOCVIVH.exe	vbc.exe
PID 968 wrote to memory of 988	968	FOCVIVH.exe	vbc.exe
PID 968 wrote to memory of 988	968	FOCVIVH.exe	vbc.exe
PID 968 wrote to memory of 988	968	FOCVIVH.exe	vbc.exe

C:\Users\Admin\AppData\Local\Temp\FOCVIVH.exe
"C:\Users\Admin\AppData\Local\Temp\FOCVIVH.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:968

C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe"
2⤵
PID:988

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/968-54-0x0000000000F20000-0x00000000012A6000-memory.dmp

Filesize
3.5MB

Download
memory/968-55-0x00000000003C0000-0x0000000000426000-memory.dmp

Filesize
408KB

Download