2b6d41b71ee9f7400ed517803ac40469fa8a266b8b7c23274904f783f84b481e

Analysis

max time kernel
141s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
24/07/2023, 06:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

UltraVNC_1.0.8.2_x64_Setup.exe
Size

2.0MB
MD5

620329f947b7085e9361f9631e45ecf8
SHA1

a4a3e2845ef336fbfdee80b8ef4a94bec36364ce
SHA256

2b6d41b71ee9f7400ed517803ac40469fa8a266b8b7c23274904f783f84b481e
SHA512

626417ed11a9e22ee502ebe203f16ac57da5ac736dcd30e8dc753d9e456c596f7b1374132c42f9a109a196392da939b3d2931e64d42e825a731bb99d63b42cfd
SSDEEP

49152:H28M5lbM7sTrZxSXCF6g9dHFIVp7ZjPsXfGuM++VeLD4H21SpS:WLrr0L9kvGuM+UeLJ3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1064	UltraVNC_1.0.8.2_x64_Setup.tmp

Loads dropped DLL 1 IoCs

pid	Process
1064	UltraVNC_1.0.8.2_x64_Setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3424 wrote to memory of 1064	3424	UltraVNC_1.0.8.2_x64_Setup.exe	84
PID 3424 wrote to memory of 1064	3424	UltraVNC_1.0.8.2_x64_Setup.exe	84
PID 3424 wrote to memory of 1064	3424	UltraVNC_1.0.8.2_x64_Setup.exe	84

C:\Users\Admin\AppData\Local\Temp\UltraVNC_1.0.8.2_x64_Setup.exe
"C:\Users\Admin\AppData\Local\Temp\UltraVNC_1.0.8.2_x64_Setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3424
- C:\Users\Admin\AppData\Local\Temp\is-ELF5V.tmp\UltraVNC_1.0.8.2_x64_Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-ELF5V.tmp\UltraVNC_1.0.8.2_x64_Setup.tmp" /SL5="$C01DE,1708378,346112,C:\Users\Admin\AppData\Local\Temp\UltraVNC_1.0.8.2_x64_Setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-6BFRV.tmp\UltraVNC.ico

Filesize
290KB

MD5
632173b8e1725b0320ad74f5c5a1dca3

SHA1
efddefce57b2e014f7b43d93648d23d88447c166

SHA256
b0fc6eb07d6b18a2db64362e8450fea2a6be22ee49a19efe5d33a98820f05fc8

SHA512
52b376165b039db10688e0ef401fadac5075df1887fa5150094986c9237f473dd15fb79ebf9a8fba01981959ecb341b23a333ede17a5298a87d1cedc98e12a09

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6BFRV.tmp\isxdl.dll

Filesize
120KB

MD5
0d8401162731cfd88cfac6284eb18405

SHA1
50701e8068940cf5e2ff6f9bc6aca1093ec0c4e7

SHA256
3fa7c2b84bd328d28412ea29ce14da423a5a04365c61df19072c65c77463c91a

SHA512
22059f7a85deb2677cb3ca2265b2bf46322c3781f8ae54b924295237e736b48ee32dd1771c95f0699ce0eac563104af7888c3103ff0c0b1c31125f1e70fc9afd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-ELF5V.tmp\UltraVNC_1.0.8.2_x64_Setup.tmp

Filesize
954KB

MD5
a93f774d67226d7069e2bc1c8be5af24

SHA1
7696a21b9aaf3ffea7aefe9a87393907ed60e712

SHA256
99bcc3a110e2324452c3a35967b25661f04bbcdf667e8d6afcf07ed708d21246

SHA512
d377881624c39d052206bf2d61ef5044e799f8380ab1ee3aee9444d540cc7d0f510452c9bc429a33944e5c5b63ce41da7cc525bf87601cf9915012e92134807c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-ELF5V.tmp\UltraVNC_1.0.8.2_x64_Setup.tmp

Filesize
954KB

MD5
a93f774d67226d7069e2bc1c8be5af24

SHA1
7696a21b9aaf3ffea7aefe9a87393907ed60e712

SHA256
99bcc3a110e2324452c3a35967b25661f04bbcdf667e8d6afcf07ed708d21246

SHA512
d377881624c39d052206bf2d61ef5044e799f8380ab1ee3aee9444d540cc7d0f510452c9bc429a33944e5c5b63ce41da7cc525bf87601cf9915012e92134807c

Download Submit
memory/1064-140-0x0000000002140000-0x0000000002141000-memory.dmp

Filesize
4KB

Download
memory/1064-162-0x0000000000400000-0x00000000004FD000-memory.dmp

Filesize
1012KB

Download
memory/1064-163-0x0000000002140000-0x0000000002141000-memory.dmp

Filesize
4KB

Download
memory/3424-134-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/3424-160-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download