Analysis

  • max time kernel
    101s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03-04-2023 15:10

General

  • Target

    VEGA.exe

  • Size

    275KB

  • MD5

    dc948b7c302e5b67ecd516d3128424e6

  • SHA1

    c73bc574b6d58f35cf7cda83634b9f1bdeec756a

  • SHA256

    d7cf025eb876f6f40f6ea7aab13fdc5e847641b6d2fc1dcd8e7f5cb0807f9388

  • SHA512

    3303c5bc293ff6d09be2184e3f3bf720e1c607ffdd950daca05fe90860934d3f105e1fd3dcdc563491bfb2831b344f24209fd0b755c04a2b5d54135467927b03

  • SSDEEP

    6144:P72/Ck03Yw+Hwuon3vCy0uxZB33RnWcvzQnCHSaM/Axa5:PgCkkYwH3KExZvWOQnCYAo

Score
1/10

Malware Config

Signatures

  • Gathers network information 2 TTPs 1 IoCs

    Uses a command-line utility to view network configuration. The flagged command is `ipconfig /flushdns` (see the process tree below), which clears the local DNS resolver cache rather than enumerating configuration; the signature fires on any ipconfig invocation, so treat it as a weak indicator.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

    Repeated GetForegroundWindow calls. This is consistent with a GUI program polling window focus as well as with anti-analysis checks; the `del imgui.ini` command below (imgui.ini is the default settings file written by the Dear ImGui library) points to the former, but the report does not establish which.

  • Suspicious use of WriteProcessMemory 8 IoCs

    Flagged on VEGA.exe and on the first cmd.exe child. A parent writing into the address space of processes it has just created is part of normal process creation on Windows; without a write into an unrelated process this is not evidence of injection.

Processes

  • C:\Users\Admin\AppData\Local\Temp\VEGA.exe
    "C:\Users\Admin\AppData\Local\Temp\VEGA.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:536
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ipconfig /flushdns
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1200
      • C:\Windows\system32\ipconfig.exe
        ipconfig /flushdns
        3⤵
        • Gathers network information
        PID:3184
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c del imgui.ini
      2⤵
      PID:2548
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c pause
      2⤵
      PID:1120
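The process tree above is the most useful part of this report for detection engineering. The following is an added example, not part of the sandbox report or of VEGA.exe: it rebuilds the same tree from constructed process-creation records (the PIDs and command lines mirror the report; the `pid`/`ppid`/`image`/`cmdline` field names are an assumed schema, not a real log format) and flags the chain the sandbox flagged: a binary running from the user's Temp directory spawning `cmd.exe /c`, and an `ipconfig` invocation underneath it.

```python
"""Rebuild a process tree from process-creation records and flag the
Temp-dir binary -> cmd.exe /c -> ipconfig chain seen in the report.

Added example (not the sandbox's code).  RECORDS is constructed to mirror
the report's PIDs and command lines; the field names are an assumed schema.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str
    children: List["Proc"] = field(default_factory=list)


# Constructed records mirroring the report's process tree (assumed schema).
RECORDS = [
    dict(pid=536, ppid=None, image=r"C:\Users\Admin\AppData\Local\Temp\VEGA.exe",
         cmdline=r'"C:\Users\Admin\AppData\Local\Temp\VEGA.exe"'),
    dict(pid=1200, ppid=536, image=r"C:\Windows\system32\cmd.exe",
         cmdline=r"C:\Windows\system32\cmd.exe /c ipconfig /flushdns"),
    dict(pid=3184, ppid=1200, image=r"C:\Windows\system32\ipconfig.exe",
         cmdline="ipconfig /flushdns"),
    dict(pid=2548, ppid=536, image=r"C:\Windows\system32\cmd.exe",
         cmdline=r"C:\Windows\system32\cmd.exe /c del imgui.ini"),
    dict(pid=1120, ppid=536, image=r"C:\Windows\system32\cmd.exe",
         cmdline=r"C:\Windows\system32\cmd.exe /c pause"),
]

# Any image under a user's Local\Temp directory.
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def build_tree(records) -> Dict[int, Proc]:
    """Index processes by PID and link each one to its parent's children."""
    procs = {r["pid"]: Proc(r["pid"], r["ppid"], r["image"], r["cmdline"])
             for r in records}
    for p in procs.values():
        if p.ppid in procs:
            procs[p.ppid].children.append(p)
    return procs


def chain(procs: Dict[int, Proc], pid: int) -> List[str]:
    """Image names from the root process down to `pid`."""
    out = []
    p = procs.get(pid)
    while p is not None:
        out.append(basename(p.image))
        p = procs.get(p.ppid) if p.ppid is not None else None
    return list(reversed(out))


def find_findings(procs: Dict[int, Proc]) -> List[Tuple[int, str]]:
    """Return (pid, reason) pairs for the behaviours the report flagged."""
    findings = []
    for p in procs.values():
        if TEMP_DIR.search(p.image):
            findings.append((p.pid, "executable launched from user Temp directory"))
        if basename(p.image) == "cmd.exe" and " /c " in p.cmdline.lower():
            parent = procs.get(p.ppid)
            if parent is not None and TEMP_DIR.search(parent.image):
                findings.append((p.pid, f"cmd.exe /c spawned by Temp-dir process {parent.pid}"))
        if basename(p.image) == "ipconfig.exe":
            # Matches the report's "Gathers network information" signature;
            # /flushdns clears the resolver cache rather than reading config.
            findings.append((p.pid, "ipconfig invoked: " + p.cmdline))
    return findings


def render(procs: Dict[int, Proc], pid: int, depth: int = 0) -> List[str]:
    """Indented text rendering of the subtree rooted at `pid`."""
    p = procs[pid]
    lines = [f"{'  ' * depth}{p.pid} {p.cmdline}"]
    for c in p.children:
        lines.extend(render(procs, c.pid, depth + 1))
    return lines


if __name__ == "__main__":
    tree = build_tree(RECORDS)
    print("\n".join(render(tree, 536)))
    for pid, reason in find_findings(tree):
        print(f"[{pid}] {reason}  ({' -> '.join(chain(tree, pid))})")
```

Running it prints the tree in the same shape as the report and one line per finding with its ancestry, e.g. `vega.exe -> cmd.exe -> ipconfig.exe` for PID 3184. The same logic transfers to Sysmon Event ID 1 or EDR process telemetry once the field names are mapped; the ancestry check is what separates this from a bare "ipconfig was run" rule, which would fire on every helpdesk session.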

Network

MITRE ATT&CK Enterprise v6
