c1cd856251bcec6054cf1b927dc4f9cf98b1999fbd6084816ef9a5e15834ea76

Analysis

max time kernel
188s
max time network
135s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
11/11/2023, 22:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

VX_BOT.exe
Size

3.1MB
MD5

9e27cb40b90706353a05e19b384eaa49
SHA1

9f5dae9122be5bc7119c09b12e11a063c0b7ac97
SHA256

c1cd856251bcec6054cf1b927dc4f9cf98b1999fbd6084816ef9a5e15834ea76
SHA512

3d241a33d8cf8b80723cb3fe845f3dedd78ebffc0f827e91d57992a774a266c01db414c94965d428821d129fa05c3c3003adef302c0fc5917353094cc266a52d
SSDEEP

98304:6d3CKSzymbvaMDsY34Uwi38Qt41rk41Rsg:6odmm7lh4U738QKzW

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs

pid	Process
2660	VX_BOT.exe
2660	VX_BOT.exe
2660	VX_BOT.exe
2660	VX_BOT.exe
2660	VX_BOT.exe
2660	VX_BOT.exe
2660	VX_BOT.exe
2660	VX_BOT.exe
2660	VX_BOT.exe
2660	VX_BOT.exe
2660	VX_BOT.exe
2660	VX_BOT.exe
2660	VX_BOT.exe
2660	VX_BOT.exe
2660	VX_BOT.exe
2660	VX_BOT.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 1720	2660	VX_BOT.exe	32
PID 2660 wrote to memory of 1720	2660	VX_BOT.exe	32
PID 2660 wrote to memory of 1720	2660	VX_BOT.exe	32
PID 1720 wrote to memory of 2664	1720	cmd.exe	31
PID 1720 wrote to memory of 2664	1720	cmd.exe	31
PID 1720 wrote to memory of 2664	1720	cmd.exe	31
PID 1720 wrote to memory of 2692	1720	cmd.exe	30
PID 1720 wrote to memory of 2692	1720	cmd.exe	30
PID 1720 wrote to memory of 2692	1720	cmd.exe	30
PID 1720 wrote to memory of 2700	1720	cmd.exe	33
PID 1720 wrote to memory of 2700	1720	cmd.exe	33
PID 1720 wrote to memory of 2700	1720	cmd.exe	33

C:\Users\Admin\AppData\Local\Temp\VX_BOT.exe
"C:\Users\Admin\AppData\Local\Temp\VX_BOT.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\VX_BOT.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1720
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:2700

C:\Windows\system32\find.exe
find /i /v "md5"
1⤵
PID:2692

C:\Windows\system32\certutil.exe
certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\VX_BOT.exe" MD5
1⤵
PID:2664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2660-0-0x000000013F200000-0x00000001400EA000-memory.dmp

Filesize
14.9MB

Download
memory/2660-1-0x000007FFFFBD0000-0x000007FFFFFA1000-memory.dmp

Filesize
3.8MB

Download
memory/2660-3-0x0000000077870000-0x0000000077A19000-memory.dmp

Filesize
1.7MB

Download
memory/2660-2-0x000000013F200000-0x00000001400EA000-memory.dmp

Filesize
14.9MB

Download
memory/2660-4-0x0000000077870000-0x0000000077A19000-memory.dmp

Filesize
1.7MB

Download
memory/2660-5-0x000000013F200000-0x00000001400EA000-memory.dmp

Filesize
14.9MB

Download
memory/2660-7-0x0000000077870000-0x0000000077A19000-memory.dmp

Filesize
1.7MB

Download
memory/2660-6-0x000000013F200000-0x00000001400EA000-memory.dmp

Filesize
14.9MB

Download
memory/2660-8-0x0000000077870000-0x0000000077A19000-memory.dmp

Filesize
1.7MB

Download
memory/2660-9-0x0000000001F80000-0x0000000001F90000-memory.dmp

Filesize
64KB

Download
memory/2660-10-0x000000013F200000-0x00000001400EA000-memory.dmp

Filesize
14.9MB

Download
memory/2660-11-0x000000013F200000-0x00000001400EA000-memory.dmp

Filesize
14.9MB

Download
memory/2660-12-0x000000013F200000-0x00000001400EA000-memory.dmp

Filesize
14.9MB

Download
memory/2660-13-0x000007FFFFBD0000-0x000007FFFFFA1000-memory.dmp

Filesize
3.8MB

Download
memory/2660-14-0x0000000077870000-0x0000000077A19000-memory.dmp

Filesize
1.7MB

Download
memory/2660-15-0x000000013F200000-0x00000001400EA000-memory.dmp

Filesize
14.9MB

Download
memory/2660-16-0x000000013F200000-0x00000001400EA000-memory.dmp

Filesize
14.9MB

Download
memory/2660-17-0x000000013F200000-0x00000001400EA000-memory.dmp

Filesize
14.9MB

Download
memory/2660-18-0x000000013F200000-0x00000001400EA000-memory.dmp

Filesize
14.9MB

Download
memory/2660-19-0x000000013F200000-0x00000001400EA000-memory.dmp

Filesize
14.9MB

Download
memory/2660-20-0x000000013F200000-0x00000001400EA000-memory.dmp

Filesize
14.9MB

Download
memory/2660-21-0x000000013F200000-0x00000001400EA000-memory.dmp

Filesize
14.9MB

Download
memory/2660-22-0x000000013F200000-0x00000001400EA000-memory.dmp

Filesize
14.9MB

Download
memory/2660-23-0x000000013F200000-0x00000001400EA000-memory.dmp

Filesize
14.9MB

Download
memory/2660-24-0x000000013F200000-0x00000001400EA000-memory.dmp

Filesize
14.9MB

Download
memory/2660-25-0x000000013F200000-0x00000001400EA000-memory.dmp

Filesize
14.9MB

Download
memory/2660-26-0x000000013F200000-0x00000001400EA000-memory.dmp

Filesize
14.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads