329de8026199da9268abd38e074e8d350b46a69179548b0aff68707162aa8ea6

Analysis

max time kernel
150s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/01/2024, 22:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3e0266b72ad2153c1617e39efc6765bf.exe
Size

591KB
MD5

3e0266b72ad2153c1617e39efc6765bf
SHA1

b7f7f7a18a97262cfc428b37dd3cb84fa0dbb708
SHA256

329de8026199da9268abd38e074e8d350b46a69179548b0aff68707162aa8ea6
SHA512

9632b7b6f259bf0444cbeda4b2d52e52ac1904f0b92a6cf1dfcbdbca4990efde0af0766ad2dfe87d174155514236e05e6e5befa94ddc1c90bcebed31b1bbf1a6
SSDEEP

12288:ZKtwR/bd/s9l9aFEfu2rm3F3Z4mxxsEO6YPXTF8ewBC9sv:4twR/bx89aUNrm3QmXsh6YPXTqn5v

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4920	VB_Server1.23.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\VB_Server1.23.exe	3e0266b72ad2153c1617e39efc6765bf.exe
File opened for modification	C:\Windows\VB_Server1.23.exe	3e0266b72ad2153c1617e39efc6765bf.exe
File created	C:\Windows\Delete.bat	3e0266b72ad2153c1617e39efc6765bf.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4920	VB_Server1.23.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 4836 wrote to memory of 3488	4836	3e0266b72ad2153c1617e39efc6765bf.exe	95
PID 4836 wrote to memory of 3488	4836	3e0266b72ad2153c1617e39efc6765bf.exe	95
PID 4836 wrote to memory of 3488	4836	3e0266b72ad2153c1617e39efc6765bf.exe	95
PID 4920 wrote to memory of 3840	4920	VB_Server1.23.exe	94
PID 4920 wrote to memory of 3840	4920	VB_Server1.23.exe	94

C:\Users\Admin\AppData\Local\Temp\3e0266b72ad2153c1617e39efc6765bf.exe
"C:\Users\Admin\AppData\Local\Temp\3e0266b72ad2153c1617e39efc6765bf.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4836
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\Delete.bat
  2⤵
  PID:3488

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
1⤵
PID:3840

C:\Windows\VB_Server1.23.exe
C:\Windows\VB_Server1.23.exe
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\VB_Server1.23.exe

Filesize
591KB

MD5
3e0266b72ad2153c1617e39efc6765bf

SHA1
b7f7f7a18a97262cfc428b37dd3cb84fa0dbb708

SHA256
329de8026199da9268abd38e074e8d350b46a69179548b0aff68707162aa8ea6

SHA512
9632b7b6f259bf0444cbeda4b2d52e52ac1904f0b92a6cf1dfcbdbca4990efde0af0766ad2dfe87d174155514236e05e6e5befa94ddc1c90bcebed31b1bbf1a6

Download Submit
memory/4836-2-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/4836-21-0x00000000025D0000-0x00000000025D1000-memory.dmp

Filesize
4KB

Download
memory/4836-18-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/4836-17-0x00000000033E0000-0x00000000033E1000-memory.dmp

Filesize
4KB

Download
memory/4836-16-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/4836-15-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/4836-14-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/4836-13-0x00000000034B0000-0x00000000034B1000-memory.dmp

Filesize
4KB

Download
memory/4836-12-0x00000000033B0000-0x00000000033B3000-memory.dmp

Filesize
12KB

Download
memory/4836-11-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/4836-10-0x0000000000B30000-0x0000000000B31000-memory.dmp

Filesize
4KB

Download
memory/4836-9-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/4836-8-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4836-7-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/4836-6-0x0000000000B10000-0x0000000000B11000-memory.dmp

Filesize
4KB

Download
memory/4836-4-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/4836-0-0x0000000000400000-0x0000000000507000-memory.dmp

Filesize
1.0MB

Download
memory/4836-3-0x0000000000B40000-0x0000000000B41000-memory.dmp

Filesize
4KB

Download
memory/4836-5-0x0000000000B20000-0x0000000000B21000-memory.dmp

Filesize
4KB

Download
memory/4836-1-0x0000000000700000-0x0000000000754000-memory.dmp

Filesize
336KB

Download
memory/4836-34-0x0000000000400000-0x0000000000507000-memory.dmp

Filesize
1.0MB

Download
memory/4836-35-0x0000000000700000-0x0000000000754000-memory.dmp

Filesize
336KB

Download
memory/4920-38-0x0000000000EF0000-0x0000000000F44000-memory.dmp

Filesize
336KB

Download
memory/4920-46-0x0000000000400000-0x0000000000507000-memory.dmp

Filesize
1.0MB

Download
memory/4920-31-0x0000000002090000-0x0000000002091000-memory.dmp

Filesize
4KB

Download
memory/4920-30-0x00000000020A0000-0x00000000020A1000-memory.dmp

Filesize
4KB

Download
memory/4920-27-0x0000000002160000-0x0000000002161000-memory.dmp

Filesize
4KB

Download
memory/4920-33-0x00000000011D0000-0x00000000011D1000-memory.dmp

Filesize
4KB

Download
memory/4920-37-0x0000000000400000-0x0000000000507000-memory.dmp

Filesize
1.0MB

Download
memory/4920-25-0x0000000000EF0000-0x0000000000F44000-memory.dmp

Filesize
336KB

Download
memory/4920-32-0x0000000002080000-0x0000000002081000-memory.dmp

Filesize
4KB

Download
memory/4920-24-0x0000000000400000-0x0000000000507000-memory.dmp

Filesize
1.0MB

Download
memory/4920-40-0x00000000011D0000-0x00000000011D1000-memory.dmp

Filesize
4KB

Download
memory/4920-42-0x0000000000400000-0x0000000000507000-memory.dmp

Filesize
1.0MB

Download
memory/4920-26-0x0000000002070000-0x0000000002071000-memory.dmp

Filesize
4KB

Download
memory/4920-49-0x0000000000400000-0x0000000000507000-memory.dmp

Filesize
1.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads