Analysis

  • max time kernel
    27s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    28/01/2023, 19:05

General

  • Target

    1d678410484e34165adb652f7e86a2b5cae5f58d.exe

  • Size

    361KB

  • MD5

    18852c1659b6641a1f4eeacf6ce6bb8d

  • SHA1

    1d678410484e34165adb652f7e86a2b5cae5f58d

  • SHA256

    34efda61716ff1db7297813317e194d4eaa74ae5209810ef6045aabab2af3179

  • SHA512

    86295df5931e4673fc6579c1d6425040dbf44c6fbd5c19a35228f1c9f8d4917944c8ff020998d4504853398e7640664bf10c275835b1bfa7a236a073ed518b74

  • SSDEEP

    6144:lUNamFD8LPUsNuwibRhinAoCRH+SXm+iMvOfcLpp0AdgqMGjEAOe75wBNEj+nc:lUFD8LPaw2RhinATReSXmPMvBBdqZBNU

Score
7/10

Malware Config

Signatures

  • Uses the VBS compiler for execution 1 TTPs
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1d678410484e34165adb652f7e86a2b5cae5f58d.exe
    "C:\Users\Admin\AppData\Local\Temp\1d678410484e34165adb652f7e86a2b5cae5f58d.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1576
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
      2⤵
        PID:1544
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 48
        2⤵
        • Program crash
        PID:472

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1544-54-0x0000000000400000-0x0000000000405000-memory.dmp

      Filesize

      20KB

    • memory/1544-56-0x0000000000400000-0x0000000000405000-memory.dmp

      Filesize

      20KB