53a346abbdc2c926034a024aee8a4b794edb4430826489486ad0dc46d1352d41

Analysis

max time kernel
100s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 11:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testlnk.exe
Size

2.4MB
MD5

30757d645e25fb8ee4871ceface19772
SHA1

e21abb5ecefd8f9c9ad5f30c27ef3de913b47ed2
SHA256

53a346abbdc2c926034a024aee8a4b794edb4430826489486ad0dc46d1352d41
SHA512

226f96d3d36e70788a9b2019331fd29cbabfad994c31f3fda09d02304b246638caabf5623e66e870e3f9077f170286fa9cf4693f266be3a1dd17dc130f2378df
SSDEEP

49152:lIgOhjpeuUTmDyXv2KT0MIrCHvn9MJ7Im7uAYHsJd0ChzzI7MVHvwWjNM:lIgOhjpeuUTmDKvG4viGm6qdU0HFNM

Score

7^/10

Malware Config

Signatures

Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2008 set thread context of 101776	2008	testlnk.exe	83

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 101776	2008	testlnk.exe	83
PID 2008 wrote to memory of 101776	2008	testlnk.exe	83
PID 2008 wrote to memory of 101776	2008	testlnk.exe	83
PID 2008 wrote to memory of 101776	2008	testlnk.exe	83
PID 2008 wrote to memory of 101776	2008	testlnk.exe	83

C:\Users\Admin\AppData\Local\Temp\testlnk.exe
"C:\Users\Admin\AppData\Local\Temp\testlnk.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
  2⤵
  PID:101776

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

T1064

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/101776-133-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/101776-138-0x0000000005D00000-0x0000000006318000-memory.dmp

Filesize
6.1MB

Download
memory/101776-139-0x00000000030F0000-0x0000000003102000-memory.dmp

Filesize
72KB

Download
memory/101776-140-0x00000000057F0000-0x00000000058FA000-memory.dmp

Filesize
1.0MB

Download
memory/101776-141-0x0000000003150000-0x000000000318C000-memory.dmp

Filesize
240KB

Download
memory/101776-142-0x00000000068D0000-0x0000000006E74000-memory.dmp

Filesize
5.6MB

Download
memory/101776-143-0x0000000001800000-0x0000000001892000-memory.dmp

Filesize
584KB

Download
memory/101776-144-0x0000000006420000-0x0000000006486000-memory.dmp

Filesize
408KB

Download
memory/101776-145-0x0000000007050000-0x0000000007212000-memory.dmp

Filesize
1.8MB

Download
memory/101776-146-0x0000000007750000-0x0000000007C7C000-memory.dmp

Filesize
5.2MB

Download
memory/101776-147-0x0000000006FD0000-0x0000000007020000-memory.dmp

Filesize
320KB

Download
memory/101776-148-0x00000000072A0000-0x0000000007316000-memory.dmp

Filesize
472KB

Download
memory/101776-149-0x0000000007240000-0x000000000725E000-memory.dmp

Filesize
120KB

Download