a6ab367d06067377323b5e1466311200c08bf2c5c33939e8ea0c0d6a85b96cf0

Analysis

max time kernel
139s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2022, 15:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a6ab367d06067377323b5e1466311200c08bf2c5c33939e8ea0c0d6a85b96cf0.exe
Size

504KB
MD5

0fff91695af3e03cf4a9e8499ca3e621
SHA1

d22706824778009aee9500b5df231281e890dbe3
SHA256

a6ab367d06067377323b5e1466311200c08bf2c5c33939e8ea0c0d6a85b96cf0
SHA512

9b7936d099ef80530a62212422cf76828f5faf6ab4da62c1bef9819b9f5c359bcad1ca8dc789fee1628a434ff22dd1ff29fc4d850410355091ea5ba40ffddd90
SSDEEP

768:D8A8xMiHF7pqEkiOhwG8ID3IahQQQaBSvZCSAE/0POyVBhYqzm6rWwWsYbPpsjp/:4fxdFtHM8IbIREc/DIzc6rWaYbO9MU

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 10 IoCs

pid	Process
1944	VGATune.exe
516	VGATune.exe
812	VGATune.exe
4136	VGATune.exe
2792	VGATune.exe
1144	VGATune.exe
4448	VGATune.exe
3720	VGATune.exe
4700	VGATune.exe
4060	VGATune.exe

Drops file in System32 directory 22 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\VGATune.exe	VGATune.exe
File opened for modification	C:\Windows\SysWOW64\VGATune.exe	VGATune.exe
File opened for modification	C:\Windows\SysWOW64\VGATune.exe	VGATune.exe
File created	C:\Windows\SysWOW64\VGATune.exe	a6ab367d06067377323b5e1466311200c08bf2c5c33939e8ea0c0d6a85b96cf0.exe
File opened for modification	C:\Windows\SysWOW64\VGATune.exe	VGATune.exe
File opened for modification	C:\Windows\SysWOW64\VGATune.exe	VGATune.exe
File created	C:\Windows\SysWOW64\VGATune.exe	VGATune.exe
File created	C:\Windows\SysWOW64\VGATune.exe	VGATune.exe
File opened for modification	C:\Windows\SysWOW64\VGATune.exe	VGATune.exe
File created	C:\Windows\SysWOW64\VGATune.exe	VGATune.exe
File opened for modification	C:\Windows\SysWOW64\VGATune.exe	VGATune.exe
File created	C:\Windows\SysWOW64\VGATune.exe	VGATune.exe
File created	C:\Windows\SysWOW64\VGATune.exe	VGATune.exe
File opened for modification	C:\Windows\SysWOW64\VGATune.exe	VGATune.exe
File created	C:\Windows\SysWOW64\VGATune.exe	VGATune.exe
File opened for modification	C:\Windows\SysWOW64\VGATune.exe	VGATune.exe
File opened for modification	C:\Windows\SysWOW64\VGATune.exe	a6ab367d06067377323b5e1466311200c08bf2c5c33939e8ea0c0d6a85b96cf0.exe
File created	C:\Windows\SysWOW64\VGATune.exe	VGATune.exe
File created	C:\Windows\SysWOW64\VGATune.exe	VGATune.exe
File opened for modification	C:\Windows\SysWOW64\VGATune.exe	VGATune.exe
File created	C:\Windows\SysWOW64\VGATune.exe	VGATune.exe
File opened for modification	C:\Windows\SysWOW64\VGATune.exe	VGATune.exe

Suspicious use of WriteProcessMemory 30 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 1944	3068	a6ab367d06067377323b5e1466311200c08bf2c5c33939e8ea0c0d6a85b96cf0.exe	81
PID 3068 wrote to memory of 1944	3068	a6ab367d06067377323b5e1466311200c08bf2c5c33939e8ea0c0d6a85b96cf0.exe	81
PID 3068 wrote to memory of 1944	3068	a6ab367d06067377323b5e1466311200c08bf2c5c33939e8ea0c0d6a85b96cf0.exe	81
PID 1944 wrote to memory of 516	1944	VGATune.exe	88
PID 1944 wrote to memory of 516	1944	VGATune.exe	88
PID 1944 wrote to memory of 516	1944	VGATune.exe	88
PID 516 wrote to memory of 812	516	VGATune.exe	90
PID 516 wrote to memory of 812	516	VGATune.exe	90
PID 516 wrote to memory of 812	516	VGATune.exe	90
PID 812 wrote to memory of 4136	812	VGATune.exe	91
PID 812 wrote to memory of 4136	812	VGATune.exe	91
PID 812 wrote to memory of 4136	812	VGATune.exe	91
PID 4136 wrote to memory of 2792	4136	VGATune.exe	92
PID 4136 wrote to memory of 2792	4136	VGATune.exe	92
PID 4136 wrote to memory of 2792	4136	VGATune.exe	92
PID 2792 wrote to memory of 1144	2792	VGATune.exe	93
PID 2792 wrote to memory of 1144	2792	VGATune.exe	93
PID 2792 wrote to memory of 1144	2792	VGATune.exe	93
PID 1144 wrote to memory of 4448	1144	VGATune.exe	94
PID 1144 wrote to memory of 4448	1144	VGATune.exe	94
PID 1144 wrote to memory of 4448	1144	VGATune.exe	94
PID 4448 wrote to memory of 3720	4448	VGATune.exe	95
PID 4448 wrote to memory of 3720	4448	VGATune.exe	95
PID 4448 wrote to memory of 3720	4448	VGATune.exe	95
PID 3720 wrote to memory of 4700	3720	VGATune.exe	96
PID 3720 wrote to memory of 4700	3720	VGATune.exe	96
PID 3720 wrote to memory of 4700	3720	VGATune.exe	96
PID 4700 wrote to memory of 4060	4700	VGATune.exe	97
PID 4700 wrote to memory of 4060	4700	VGATune.exe	97
PID 4700 wrote to memory of 4060	4700	VGATune.exe	97

C:\Users\Admin\AppData\Local\Temp\a6ab367d06067377323b5e1466311200c08bf2c5c33939e8ea0c0d6a85b96cf0.exe
"C:\Users\Admin\AppData\Local\Temp\a6ab367d06067377323b5e1466311200c08bf2c5c33939e8ea0c0d6a85b96cf0.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Windows\SysWOW64\VGATune.exe
  C:\Windows\system32\VGATune.exe 1156 "C:\Users\Admin\AppData\Local\Temp\a6ab367d06067377323b5e1466311200c08bf2c5c33939e8ea0c0d6a85b96cf0.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:1944
- - C:\Windows\SysWOW64\VGATune.exe
    C:\Windows\system32\VGATune.exe 1152 "C:\Windows\SysWOW64\VGATune.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:516
  - - C:\Windows\SysWOW64\VGATune.exe
      C:\Windows\system32\VGATune.exe 1120 "C:\Windows\SysWOW64\VGATune.exe"
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:812
    - - C:\Windows\SysWOW64\VGATune.exe
        
        C:\Windows\system32\VGATune.exe 1124 "C:\Windows\SysWOW64\VGATune.exe"
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4136
      - C:\Windows\SysWOW64\VGATune.exe
        
        C:\Windows\system32\VGATune.exe 1128 "C:\Windows\SysWOW64\VGATune.exe"
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2792
        
        C:\Windows\SysWOW64\VGATune.exe
        
        C:\Windows\system32\VGATune.exe 1100 "C:\Windows\SysWOW64\VGATune.exe"
        7⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1144
        
        C:\Windows\SysWOW64\VGATune.exe
        
        C:\Windows\system32\VGATune.exe 1140 "C:\Windows\SysWOW64\VGATune.exe"
        8⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4448
        
        C:\Windows\SysWOW64\VGATune.exe
        
        C:\Windows\system32\VGATune.exe 1136 "C:\Windows\SysWOW64\VGATune.exe"
        9⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3720
        
        C:\Windows\SysWOW64\VGATune.exe
        
        C:\Windows\system32\VGATune.exe 1144 "C:\Windows\SysWOW64\VGATune.exe"
        10⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4700
        
        C:\Windows\SysWOW64\VGATune.exe
        
        C:\Windows\system32\VGATune.exe 1148 "C:\Windows\SysWOW64\VGATune.exe"
        11⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\VGATune.exe

Filesize
504KB

MD5
0fff91695af3e03cf4a9e8499ca3e621

SHA1
d22706824778009aee9500b5df231281e890dbe3

SHA256
a6ab367d06067377323b5e1466311200c08bf2c5c33939e8ea0c0d6a85b96cf0

SHA512
9b7936d099ef80530a62212422cf76828f5faf6ab4da62c1bef9819b9f5c359bcad1ca8dc789fee1628a434ff22dd1ff29fc4d850410355091ea5ba40ffddd90

Download Submit
C:\Windows\SysWOW64\VGATune.exe

Filesize
504KB

MD5
0fff91695af3e03cf4a9e8499ca3e621

SHA1
d22706824778009aee9500b5df231281e890dbe3

SHA256
a6ab367d06067377323b5e1466311200c08bf2c5c33939e8ea0c0d6a85b96cf0

SHA512
9b7936d099ef80530a62212422cf76828f5faf6ab4da62c1bef9819b9f5c359bcad1ca8dc789fee1628a434ff22dd1ff29fc4d850410355091ea5ba40ffddd90

Download Submit
C:\Windows\SysWOW64\VGATune.exe

Filesize
504KB

MD5
0fff91695af3e03cf4a9e8499ca3e621

SHA1
d22706824778009aee9500b5df231281e890dbe3

SHA256
a6ab367d06067377323b5e1466311200c08bf2c5c33939e8ea0c0d6a85b96cf0

SHA512
9b7936d099ef80530a62212422cf76828f5faf6ab4da62c1bef9819b9f5c359bcad1ca8dc789fee1628a434ff22dd1ff29fc4d850410355091ea5ba40ffddd90

Download Submit
C:\Windows\SysWOW64\VGATune.exe

Filesize
504KB

MD5
0fff91695af3e03cf4a9e8499ca3e621

SHA1
d22706824778009aee9500b5df231281e890dbe3

SHA256
a6ab367d06067377323b5e1466311200c08bf2c5c33939e8ea0c0d6a85b96cf0

SHA512
9b7936d099ef80530a62212422cf76828f5faf6ab4da62c1bef9819b9f5c359bcad1ca8dc789fee1628a434ff22dd1ff29fc4d850410355091ea5ba40ffddd90

Download Submit
C:\Windows\SysWOW64\VGATune.exe

Filesize
504KB

MD5
0fff91695af3e03cf4a9e8499ca3e621

SHA1
d22706824778009aee9500b5df231281e890dbe3

SHA256
a6ab367d06067377323b5e1466311200c08bf2c5c33939e8ea0c0d6a85b96cf0

SHA512
9b7936d099ef80530a62212422cf76828f5faf6ab4da62c1bef9819b9f5c359bcad1ca8dc789fee1628a434ff22dd1ff29fc4d850410355091ea5ba40ffddd90

Download Submit
C:\Windows\SysWOW64\VGATune.exe

Filesize
504KB

MD5
0fff91695af3e03cf4a9e8499ca3e621

SHA1
d22706824778009aee9500b5df231281e890dbe3

SHA256
a6ab367d06067377323b5e1466311200c08bf2c5c33939e8ea0c0d6a85b96cf0

SHA512
9b7936d099ef80530a62212422cf76828f5faf6ab4da62c1bef9819b9f5c359bcad1ca8dc789fee1628a434ff22dd1ff29fc4d850410355091ea5ba40ffddd90

Download Submit
C:\Windows\SysWOW64\VGATune.exe

Filesize
504KB

MD5
0fff91695af3e03cf4a9e8499ca3e621

SHA1
d22706824778009aee9500b5df231281e890dbe3

SHA256
a6ab367d06067377323b5e1466311200c08bf2c5c33939e8ea0c0d6a85b96cf0

SHA512
9b7936d099ef80530a62212422cf76828f5faf6ab4da62c1bef9819b9f5c359bcad1ca8dc789fee1628a434ff22dd1ff29fc4d850410355091ea5ba40ffddd90

Download Submit
C:\Windows\SysWOW64\VGATune.exe

Filesize
504KB

MD5
0fff91695af3e03cf4a9e8499ca3e621

SHA1
d22706824778009aee9500b5df231281e890dbe3

SHA256
a6ab367d06067377323b5e1466311200c08bf2c5c33939e8ea0c0d6a85b96cf0

SHA512
9b7936d099ef80530a62212422cf76828f5faf6ab4da62c1bef9819b9f5c359bcad1ca8dc789fee1628a434ff22dd1ff29fc4d850410355091ea5ba40ffddd90

Download Submit
C:\Windows\SysWOW64\VGATune.exe

Filesize
504KB

MD5
0fff91695af3e03cf4a9e8499ca3e621

SHA1
d22706824778009aee9500b5df231281e890dbe3

SHA256
a6ab367d06067377323b5e1466311200c08bf2c5c33939e8ea0c0d6a85b96cf0

SHA512
9b7936d099ef80530a62212422cf76828f5faf6ab4da62c1bef9819b9f5c359bcad1ca8dc789fee1628a434ff22dd1ff29fc4d850410355091ea5ba40ffddd90

Download Submit
C:\Windows\SysWOW64\VGATune.exe

Filesize
504KB

MD5
0fff91695af3e03cf4a9e8499ca3e621

SHA1
d22706824778009aee9500b5df231281e890dbe3

SHA256
a6ab367d06067377323b5e1466311200c08bf2c5c33939e8ea0c0d6a85b96cf0

SHA512
9b7936d099ef80530a62212422cf76828f5faf6ab4da62c1bef9819b9f5c359bcad1ca8dc789fee1628a434ff22dd1ff29fc4d850410355091ea5ba40ffddd90

Download Submit
C:\Windows\SysWOW64\VGATune.exe

Filesize
504KB

MD5
0fff91695af3e03cf4a9e8499ca3e621

SHA1
d22706824778009aee9500b5df231281e890dbe3

SHA256
a6ab367d06067377323b5e1466311200c08bf2c5c33939e8ea0c0d6a85b96cf0

SHA512
9b7936d099ef80530a62212422cf76828f5faf6ab4da62c1bef9819b9f5c359bcad1ca8dc789fee1628a434ff22dd1ff29fc4d850410355091ea5ba40ffddd90

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads