4999399c0d67a27e00ce2bede0d85bbe22156faed685f3183d60968b21f838ff

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 03:20

Target

4999399c0d67a27e00ce2bede0d85bbe22156faed685f3183d60968b21f838ff.exe
Size

146KB
MD5

699bc8f2ec4086a8423dc35a8eb200c1
SHA1

6619f7681b1a1d5e253fae153a3beb4563e3ca1f
SHA256

4999399c0d67a27e00ce2bede0d85bbe22156faed685f3183d60968b21f838ff
SHA512

88a930dea56d5443610cdf1772db2d1675c533a9bbd3b4252ca82eb92062b177a36f82e4cc0918eb7f6e55b81a2559d718e8eaad82e021e10cf3607c3d5cdb96
SSDEEP

3072:x39yt/7RuBR9TYASYDdZwXB6YHKd2//wj6w68SwRoHbJrnULEmhHXkJc3ki4e9:x39yt/7RuBR9TYASYLGoYHKds/CQwKHw

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
672	Vnabea.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job	4999399c0d67a27e00ce2bede0d85bbe22156faed685f3183d60968b21f838ff.exe
File opened for modification	C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job	4999399c0d67a27e00ce2bede0d85bbe22156faed685f3183d60968b21f838ff.exe
File created	C:\Windows\Vnabea.exe	4999399c0d67a27e00ce2bede0d85bbe22156faed685f3183d60968b21f838ff.exe
File opened for modification	C:\Windows\Vnabea.exe	4999399c0d67a27e00ce2bede0d85bbe22156faed685f3183d60968b21f838ff.exe
File created	C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job	Vnabea.exe
File opened for modification	C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job	Vnabea.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

Modify Registry

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main	Vnabea.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\International	Vnabea.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1460	4999399c0d67a27e00ce2bede0d85bbe22156faed685f3183d60968b21f838ff.exe
672	Vnabea.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1460 wrote to memory of 672	1460	4999399c0d67a27e00ce2bede0d85bbe22156faed685f3183d60968b21f838ff.exe	27
PID 1460 wrote to memory of 672	1460	4999399c0d67a27e00ce2bede0d85bbe22156faed685f3183d60968b21f838ff.exe	27
PID 1460 wrote to memory of 672	1460	4999399c0d67a27e00ce2bede0d85bbe22156faed685f3183d60968b21f838ff.exe	27
PID 1460 wrote to memory of 672	1460	4999399c0d67a27e00ce2bede0d85bbe22156faed685f3183d60968b21f838ff.exe	27

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

Filesize
408B

MD5
1cf0ee5fdd2cd53aeec17a13293a4f7d

SHA1
5115caf3f2e29bceefb0b3dfe9690b6485d2cf96

SHA256
c2fa8f6b006696f6e19ecc9079e1430a1595440a80fe47349919ad1223e0678d

SHA512
7b3260bb8792a37d9edcc911887c5c74bbabb06a480ee49621f3f24b5f69a5712ce3c2d2693bb691bb7c6a81ef753fd0e2094a5cd2a3fad0d34bc9524a221ade

Download Submit
C:\Windows\Vnabea.exe

Filesize
146KB

MD5
699bc8f2ec4086a8423dc35a8eb200c1

SHA1
6619f7681b1a1d5e253fae153a3beb4563e3ca1f

SHA256
4999399c0d67a27e00ce2bede0d85bbe22156faed685f3183d60968b21f838ff

SHA512
88a930dea56d5443610cdf1772db2d1675c533a9bbd3b4252ca82eb92062b177a36f82e4cc0918eb7f6e55b81a2559d718e8eaad82e021e10cf3607c3d5cdb96

Download Submit
memory/672-60-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/672-63-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1460-54-0x0000000075FE1000-0x0000000075FE3000-memory.dmp

Filesize
8KB

Download
memory/1460-55-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1460-61-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1460-62-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download