c1cd856251bcec6054cf1b927dc4f9cf98b1999fbd6084816ef9a5e15834ea76

Analysis

max time kernel
151s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
11/11/2023, 22:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

VX_BOT.exe
Size

3.1MB
MD5

9e27cb40b90706353a05e19b384eaa49
SHA1

9f5dae9122be5bc7119c09b12e11a063c0b7ac97
SHA256

c1cd856251bcec6054cf1b927dc4f9cf98b1999fbd6084816ef9a5e15834ea76
SHA512

3d241a33d8cf8b80723cb3fe845f3dedd78ebffc0f827e91d57992a774a266c01db414c94965d428821d129fa05c3c3003adef302c0fc5917353094cc266a52d
SSDEEP

98304:6d3CKSzymbvaMDsY34Uwi38Qt41rk41Rsg:6odmm7lh4U738QKzW

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs

pid	Process
3204	VX_BOT.exe
3204	VX_BOT.exe
3204	VX_BOT.exe
3204	VX_BOT.exe
3204	VX_BOT.exe
3204	VX_BOT.exe
3204	VX_BOT.exe
3204	VX_BOT.exe
3204	VX_BOT.exe
3204	VX_BOT.exe
3204	VX_BOT.exe
3204	VX_BOT.exe
3204	VX_BOT.exe
3204	VX_BOT.exe
3204	VX_BOT.exe
3204	VX_BOT.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3204 wrote to memory of 1848	3204	VX_BOT.exe	88
PID 3204 wrote to memory of 1848	3204	VX_BOT.exe	88
PID 1848 wrote to memory of 1844	1848	cmd.exe	89
PID 1848 wrote to memory of 1844	1848	cmd.exe	89
PID 1848 wrote to memory of 4196	1848	cmd.exe	90
PID 1848 wrote to memory of 4196	1848	cmd.exe	90
PID 1848 wrote to memory of 3308	1848	cmd.exe	91
PID 1848 wrote to memory of 3308	1848	cmd.exe	91

C:\Users\Admin\AppData\Local\Temp\VX_BOT.exe
"C:\Users\Admin\AppData\Local\Temp\VX_BOT.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:3204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\VX_BOT.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1848
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\VX_BOT.exe" MD5
    3⤵
    PID:1844
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:4196
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:3308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3204-0-0x00007FF75B7C0000-0x00007FF75C6AA000-memory.dmp

Filesize
14.9MB

Download
memory/3204-1-0x00007FF49E7A0000-0x00007FF49EB71000-memory.dmp

Filesize
3.8MB

Download
memory/3204-2-0x00007FFAA8BF0000-0x00007FFAA8DE5000-memory.dmp

Filesize
2.0MB

Download
memory/3204-3-0x00007FFAA8BF0000-0x00007FFAA8DE5000-memory.dmp

Filesize
2.0MB

Download
memory/3204-5-0x00007FFAA8BF0000-0x00007FFAA8DE5000-memory.dmp

Filesize
2.0MB

Download
memory/3204-6-0x00007FFAA8BF0000-0x00007FFAA8DE5000-memory.dmp

Filesize
2.0MB

Download
memory/3204-4-0x00007FF75B7C0000-0x00007FF75C6AA000-memory.dmp

Filesize
14.9MB

Download
memory/3204-7-0x00007FF75B7C0000-0x00007FF75C6AA000-memory.dmp

Filesize
14.9MB

Download
memory/3204-8-0x00007FF75B7C0000-0x00007FF75C6AA000-memory.dmp

Filesize
14.9MB

Download
memory/3204-9-0x00007FFAA8BF0000-0x00007FFAA8DE5000-memory.dmp

Filesize
2.0MB

Download
memory/3204-10-0x00007FFAA8BF0000-0x00007FFAA8DE5000-memory.dmp

Filesize
2.0MB

Download
memory/3204-11-0x00007FFA28DF0000-0x00007FFA28E00000-memory.dmp

Filesize
64KB

Download
memory/3204-12-0x00007FF75B7C0000-0x00007FF75C6AA000-memory.dmp

Filesize
14.9MB

Download
memory/3204-13-0x00007FF75B7C0000-0x00007FF75C6AA000-memory.dmp

Filesize
14.9MB

Download
memory/3204-14-0x00007FF75B7C0000-0x00007FF75C6AA000-memory.dmp

Filesize
14.9MB

Download
memory/3204-15-0x00007FF49E7A0000-0x00007FF49EB71000-memory.dmp

Filesize
3.8MB

Download
memory/3204-16-0x00007FFAA8BF0000-0x00007FFAA8DE5000-memory.dmp

Filesize
2.0MB

Download
memory/3204-17-0x00007FFAA8BF0000-0x00007FFAA8DE5000-memory.dmp

Filesize
2.0MB

Download
memory/3204-18-0x00007FF75B7C0000-0x00007FF75C6AA000-memory.dmp

Filesize
14.9MB

Download
memory/3204-19-0x00007FF75B7C0000-0x00007FF75C6AA000-memory.dmp

Filesize
14.9MB

Download
memory/3204-20-0x00007FF75B7C0000-0x00007FF75C6AA000-memory.dmp

Filesize
14.9MB

Download
memory/3204-21-0x00007FF75B7C0000-0x00007FF75C6AA000-memory.dmp

Filesize
14.9MB

Download
memory/3204-22-0x00007FF75B7C0000-0x00007FF75C6AA000-memory.dmp

Filesize
14.9MB

Download
memory/3204-23-0x00007FF75B7C0000-0x00007FF75C6AA000-memory.dmp

Filesize
14.9MB

Download
memory/3204-24-0x00007FF75B7C0000-0x00007FF75C6AA000-memory.dmp

Filesize
14.9MB

Download
memory/3204-25-0x00007FF75B7C0000-0x00007FF75C6AA000-memory.dmp

Filesize
14.9MB

Download
memory/3204-26-0x00007FF75B7C0000-0x00007FF75C6AA000-memory.dmp

Filesize
14.9MB

Download
memory/3204-27-0x00007FF75B7C0000-0x00007FF75C6AA000-memory.dmp

Filesize
14.9MB

Download
memory/3204-28-0x00007FF75B7C0000-0x00007FF75C6AA000-memory.dmp

Filesize
14.9MB

Download
memory/3204-29-0x00007FF75B7C0000-0x00007FF75C6AA000-memory.dmp

Filesize
14.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads