Overview

overview

1

Static

static

1

PandorahVNC.exe

windows10-2004-x64

1

Resubmissions

27-07-2024 01:26

240727-btjhqs1bqc 3

21-02-2023 10:55

230221-m1mdragd5y 1

21-02-2023 10:48

230221-mwehcaee59 10

Analysis

  • max time kernel
    89s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-02-2023 10:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PandorahVNC.exe

  • Size

    121.7MB

  • MD5

    7e0c8dba7497c6c4239531073a04628e

  • SHA1

    d82c10b1ed2527f971b2c63e75c15a6b746119b0

  • SHA256

    100dc0db633b1dea1a0c5012f2364ff0d201ff203de1ea3820f432fc51751652

  • SHA512

    e8e79732885f4f38c15fe1e78e740b0678de64c5b8875f590678eca8229190ab84be04724f934037a8837238431c1c0b5809eebdc5e0ee8eb610be012996b722

  • SSDEEP

    3145728:Rlhah9cOLbrHMevdE5x89uYrM0cqgW05zaWPP:p09cOnrBdE5x50ce0

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PandorahVNC.exe
    "C:\Users\Admin\AppData\Local\Temp\PandorahVNC.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2592-133-0x0000000000D40000-0x0000000001D40000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2592-134-0x000000000D100000-0x000000000D112000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2592-135-0x000000000D840000-0x000000000DDE4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/2592-136-0x000000000D280000-0x000000000D290000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2592-137-0x000000000DDF0000-0x000000000DE82000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2592-138-0x0000000014230000-0x000000001426C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2592-139-0x00000000170F0000-0x00000000170FA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2592-141-0x000000001AA40000-0x000000001AA6E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2592-140-0x000000000D280000-0x000000000D290000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2592-142-0x000000001ABF0000-0x000000001AC28000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2592-143-0x000000000D280000-0x000000000D290000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2592-144-0x000000000D280000-0x000000000D290000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2592-145-0x000000001B7B0000-0x000000001B7D0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2592-146-0x0000000012440000-0x00000000124EA000-memory.dmp

    Filesize

    680KB

    Download

  • memory/2592-147-0x000000000D280000-0x000000000D290000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2592-148-0x0000000012590000-0x000000001262C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2592-149-0x000000000D280000-0x000000000D290000-memory.dmp

    Filesize

    64KB

    Download