ca140687ff4268f378a86616018c30773e281edfd4b9a9ddea4878d6d6b0cf9f

Analysis

max time kernel
126s
max time network
129s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
10-02-2023 10:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vibe.exe
Size

11.3MB
MD5

11d60a9824233ddecc4d8d65baf2eb01
SHA1

718dfa7bd8b8aa64a3e95ccc611e3917f16b9f72
SHA256

ca140687ff4268f378a86616018c30773e281edfd4b9a9ddea4878d6d6b0cf9f
SHA512

5c41e758ea2f24bcecc1f14016d88e779b54d3f3e3e9e027a118c78999f4e3ce98aee33404d8e17f6bdd09e3adb8fe82a63d7d0766428f95cd5450cb6803f704
SSDEEP

196608:iswZVj61/wbITLwOjUqkL2Vmd6+Db2c/f/+ScE9R1JhbIYnAZpRjKnV7I:DY61obI/CL2Vmd6mSc/emR1JhbIYAZpJ

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
984	vibe.exe
944	vibe.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1784	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1784	AUDIODG.EXE
Token: 33	1784	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1784	AUDIODG.EXE

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1156 wrote to memory of 984	1156	vibe.exe	27
PID 1156 wrote to memory of 984	1156	vibe.exe	27
PID 1156 wrote to memory of 984	1156	vibe.exe	27
PID 1620 wrote to memory of 944	1620	vibe.exe	35
PID 1620 wrote to memory of 944	1620	vibe.exe	35
PID 1620 wrote to memory of 944	1620	vibe.exe	35

C:\Users\Admin\AppData\Local\Temp\vibe.exe
"C:\Users\Admin\AppData\Local\Temp\vibe.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1156
- C:\Users\Admin\AppData\Local\Temp\vibe.exe
  "C:\Users\Admin\AppData\Local\Temp\vibe.exe"
  2⤵
  - Loads dropped DLL
  PID:984

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:960

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x45c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1784

C:\Users\Admin\AppData\Local\Temp\vibe.exe
"C:\Users\Admin\AppData\Local\Temp\vibe.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Users\Admin\AppData\Local\Temp\vibe.exe
  "C:\Users\Admin\AppData\Local\Temp\vibe.exe"
  2⤵
  - Loads dropped DLL
  PID:944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI11562\python310.dll

Filesize
4.3MB

MD5
c80b5cb43e5fe7948c3562c1fff1254e

SHA1
f73cb1fb9445c96ecd56b984a1822e502e71ab9d

SHA256
058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20

SHA512
faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16202\python310.dll

Filesize
4.3MB

MD5
c80b5cb43e5fe7948c3562c1fff1254e

SHA1
f73cb1fb9445c96ecd56b984a1822e502e71ab9d

SHA256
058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20

SHA512
faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI11562\python310.dll

Filesize
4.3MB

MD5
c80b5cb43e5fe7948c3562c1fff1254e

SHA1
f73cb1fb9445c96ecd56b984a1822e502e71ab9d

SHA256
058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20

SHA512
faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI16202\python310.dll

Filesize
4.3MB

MD5
c80b5cb43e5fe7948c3562c1fff1254e

SHA1
f73cb1fb9445c96ecd56b984a1822e502e71ab9d

SHA256
058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20

SHA512
faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81

Download Submit
memory/960-57-0x000007FEFBD11000-0x000007FEFBD13000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads