Analysis

max time kernel: 149s
max time network: 152s
platform: windows7_x64
resource: win7-20230703-en
resource tags: arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
submitted: 09-07-2023 15:23

Behavioral task: behavioral1
Sample: some.exe
Resource: win7-20230703-en (windows7-x64)
6 signatures, 150 seconds
General

Target: some.exe
Size: 114KB
MD5: 73087e68a230fde5c9d76f9c13f585d2
SHA1: 14d0d852e6bc61df0a0880dc8dab21cfba7b1a89
SHA256: d6e626a9d886d492459872d1e82a172ba0dc3cb788180c20c3d7fd5c02e4635a
SHA512: c62adaa2b2f64b8abf0f24bd282a0ea88ee68bab434ecadb242dfa0ce066ae83df68e92938af77fe0a2ac4765d9091dfb6c268783a17d8523eb289d61f81f82d
SSDEEP: 3072:IJZKnPE2YyJzELtyTtyYeY8lNgoiJ+sX8HFvytbUNk:IJZKBI0tyYeY4eoiJ+sCFvj

Score: 10/10
Malware Config
Signatures
VanillaRat
VanillaRat is an advanced remote administration tool coded in C#.

Vanilla Rat payload (2 IoCs)
Processes:
  resource                                                                     yara_rule
  behavioral1/memory/2296-54-0x00000000010A0000-0x00000000010C2000-memory.dmp  vanillarat
  behavioral1/memory/2296-55-0x0000000004D90000-0x0000000004DD0000-memory.dmp  vanillarat
Legitimate hosting services abused for malware hosting/C2 (1 TTP)
Drops file in Windows directory (1 IoC)
Processes:
  description                   ioc                                process
  File opened for modification  C:\Windows\Debug\WIA\wiatrace.log  mspaint.exe
Suspicious use of AdjustPrivilegeToken (4 IoCs)
Processes:
  description                        pid   process
  Token: 33                          2080  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege  2080  AUDIODG.EXE
  Token: 33                          2080  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege  2080  AUDIODG.EXE
Suspicious use of SetWindowsHookEx (4 IoCs)
Processes:
  pid  process
  588  mspaint.exe
  588  mspaint.exe
  588  mspaint.exe
  588  mspaint.exe
Processes

C:\Users\Admin\AppData\Local\Temp\some.exe
  "C:\Users\Admin\AppData\Local\Temp\some.exe"

C:\Windows\system32\AUDIODG.EXE
  C:\Windows\system32\AUDIODG.EXE 0x5c8
  - Suspicious use of AdjustPrivilegeToken

C:\Windows\system32\mspaint.exe
  "C:\Windows\system32\mspaint.exe"
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx

All three processes are recorded at the same level of the tree: the report shows no parent/child relationship between some.exe and the two Windows system processes. The VanillaRat YARA hits are confined to memory dumps of PID 2296, a PID the signature tables do not attribute to either system process (they list mspaint.exe as 588 and AUDIODG.EXE as 2080). Weigh the AUDIODG.EXE and mspaint.exe signatures accordingly before treating them as behaviour of the sample.
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads

memory/588-57-0x000007FEF5FD0000-0x000007FEF601C000-memory.dmp   Filesize: 304KB
memory/588-58-0x00000000021B0000-0x00000000021B1000-memory.dmp   Filesize: 4KB
memory/2296-54-0x00000000010A0000-0x00000000010C2000-memory.dmp  Filesize: 136KB
memory/2296-55-0x0000000004D90000-0x0000000004DD0000-memory.dmp  Filesize: 256KB
memory/2296-56-0x0000000004D90000-0x0000000004DD0000-memory.dmp  Filesize: 256KB
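The dump names in the Downloads section encode the process, snapshot index and dumped address range. The following Python is an added example, not part of the report or of the sandbox vendor's tooling: it decodes each name, checks that the listed Filesize equals end minus start, and joins the result to the YARA hits from the "Vanilla Rat payload" signature so that flagged regions and PIDs can be read off directly. It assumes the naming convention is <pid>-<index>-0x<start>-0x<end>-memory.dmp and that the report's KB means 1024-byte units; the dump list, YARA hits and PID-to-process names are copied from the page, and PID 2296 is deliberately left unnamed because the report never names it.

```python
"""Cross-check the memory-dump entries of the sandbox report above.

Added example; not part of the original report or the sandbox's own tooling.
Assumption: dump names follow <pid>-<index>-0x<start>-0x<end>-memory.dmp,
where start/end are the dumped virtual address range, so the listed Filesize
should equal end - start. Entries and YARA hits below are copied from the report.
"""
import re
from dataclasses import dataclass

DUMP_RE = re.compile(
    r"^(?:behavioral\d+/)?memory/(?P<pid>\d+)-(?P<idx>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Copied from the Downloads section of the report.
DOWNLOADS = [
    ("memory/588-57-0x000007FEF5FD0000-0x000007FEF601C000-memory.dmp", "304KB"),
    ("memory/588-58-0x00000000021B0000-0x00000000021B1000-memory.dmp", "4KB"),
    ("memory/2296-54-0x00000000010A0000-0x00000000010C2000-memory.dmp", "136KB"),
    ("memory/2296-55-0x0000000004D90000-0x0000000004DD0000-memory.dmp", "256KB"),
    ("memory/2296-56-0x0000000004D90000-0x0000000004DD0000-memory.dmp", "256KB"),
]

# Copied from the "Vanilla Rat payload" signature: dump -> matching YARA rule.
YARA_HITS = {
    "behavioral1/memory/2296-54-0x00000000010A0000-0x00000000010C2000-memory.dmp": "vanillarat",
    "behavioral1/memory/2296-55-0x0000000004D90000-0x0000000004DD0000-memory.dmp": "vanillarat",
}

# PIDs the report's signature tables name explicitly; 2296 is not named there.
KNOWN_PIDS = {588: "mspaint.exe", 2080: "AUDIODG.EXE"}


@dataclass(frozen=True)
class DumpRegion:
    pid: int
    index: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_dump_name(name: str) -> DumpRegion:
    """Split a dump file name into PID, snapshot index and address range."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    return DumpRegion(int(m["pid"]), int(m["idx"]),
                      int(m["start"], 16), int(m["end"], 16))


def parse_size(text: str) -> int:
    """Convert the report's '304KB' notation to bytes (assumes KB = 1024 bytes)."""
    m = re.fullmatch(r"(\d+)\s*(B|KB|MB)", text.strip())
    if not m:
        raise ValueError(f"unrecognised size: {text}")
    return int(m[1]) * {"B": 1, "KB": 1024, "MB": 1024 ** 2}[m[2]]


def check_downloads(entries=DOWNLOADS, yara_hits=YARA_HITS):
    """Return one record per dump: decoded fields, size consistency, YARA rule."""
    # YARA hits are keyed with the behavioral1/ prefix; match on the bare name.
    hits = {k.split("/", 1)[1]: v for k, v in yara_hits.items()}
    results = []
    for name, size_text in entries:
        region = parse_dump_name(name)
        listed = parse_size(size_text)
        results.append({
            "name": name,
            "pid": region.pid,
            "process": KNOWN_PIDS.get(region.pid, "not named in report"),
            "index": region.index,
            "start": region.start,
            "end": region.end,
            "listed_size": listed,
            "computed_size": region.size,
            "size_consistent": listed == region.size,
            "yara": hits.get(name),
        })
    return results


def flagged_pids(results) -> set:
    """PIDs that have at least one YARA-flagged dump."""
    return {r["pid"] for r in results if r["yara"]}


if __name__ == "__main__":
    for r in check_downloads():
        print(f"pid {r['pid']:>5} ({r['process']}) #{r['index']} "
              f"0x{r['start']:016X}-0x{r['end']:016X} "
              f"listed={r['listed_size']} computed={r['computed_size']} "
              f"ok={r['size_consistent']} yara={r['yara']}")
```

Run as a script, every listed size matches its address range, and the only PID with a YARA hit is 2296. Decoding also makes one detail easy to see: snapshots 55 and 56 of PID 2296 cover the same 0x4D90000-0x4DD0000 range, but the report records the vanillarat match only for snapshot 55.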