Overview

overview

7

Static

static

ec31cebcf3...39.exe

windows7-x64

7

ec31cebcf3...39.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    88s
  • max time network
    35s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    24-11-2022 17:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ec31cebcf3cc2457a0d29c09841d4db251f05afe6962aa89fe09756b088ca939.exe

  • Size

    524KB

  • MD5

    015f34e50549208531450e253bb2f064

  • SHA1

    30869dffd8af104fead2409e83ab07c730f14516

  • SHA256

    ec31cebcf3cc2457a0d29c09841d4db251f05afe6962aa89fe09756b088ca939

  • SHA512

    8d934fad50a1efb6dc5f8b25ab8b11a3ccf598c73a988acd94afffb17ba1b202e0c8ac21364390268ddd7472fcab09defc95a6f6b91fe04448e59f6edaaffc27

  • SSDEEP

    12288:3l0h4plprMRUul6NwrdYjeCYibcRLuYyYwZffu+rKO7GFV:3xrMRUuwGrdYjxYbuFZ3xx

Score
7/10
persistence

Malware Config

Signatures

  • Uses the VBS compiler for execution 1 TTPs
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ec31cebcf3cc2457a0d29c09841d4db251f05afe6962aa89fe09756b088ca939.exe
    "C:\Users\Admin\AppData\Local\Temp\ec31cebcf3cc2457a0d29c09841d4db251f05afe6962aa89fe09756b088ca939.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:972
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
      2⤵
      • Adds Run key to start application
      PID:584

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/584-65-0x0000000000400000-0x0000000000482000-memory.dmp

    Filesize

    520KB

    Download

  • memory/584-77-0x0000000000400000-0x0000000000482000-memory.dmp

    Filesize

    520KB

    Download

  • memory/584-66-0x0000000000400000-0x0000000000482000-memory.dmp

    Filesize

    520KB

    Download

  • memory/584-74-0x0000000000400000-0x0000000000482000-memory.dmp

    Filesize

    520KB

    Download

  • memory/584-58-0x0000000000400000-0x0000000000482000-memory.dmp

    Filesize

    520KB

    Download

  • memory/584-59-0x0000000000400000-0x0000000000482000-memory.dmp

    Filesize

    520KB

    Download

  • memory/584-61-0x0000000000400000-0x0000000000482000-memory.dmp

    Filesize

    520KB

    Download

  • memory/584-63-0x0000000000400000-0x0000000000482000-memory.dmp

    Filesize

    520KB

    Download

  • memory/584-73-0x0000000000400000-0x0000000000482000-memory.dmp

    Filesize

    520KB

    Download

  • memory/584-72-0x0000000000400000-0x0000000000482000-memory.dmp

    Filesize

    520KB

    Download

  • memory/584-70-0x0000000000400000-0x0000000000482000-memory.dmp

    Filesize

    520KB

    Download

  • memory/584-68-0x0000000000400000-0x0000000000482000-memory.dmp

    Filesize

    520KB

    Download

  • memory/584-71-0x0000000000468CC4-mapping.dmp

    Download

  • memory/972-55-0x0000000074C30000-0x00000000751DB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/972-56-0x0000000074C30000-0x00000000751DB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/972-57-0x00000000002A5000-0x00000000002B6000-memory.dmp

    Filesize

    68KB

    Download

  • memory/972-75-0x0000000074C30000-0x00000000751DB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/972-76-0x00000000002A5000-0x00000000002B6000-memory.dmp

    Filesize

    68KB

    Download

  • memory/972-54-0x00000000754F1000-0x00000000754F3000-memory.dmp

    Filesize

    8KB

    Download