e9de74aaf4b6a46b1b4b58d82addadb6fde86d38c113926c81cc314ab0158658 | Triage

Analysis

max time kernel
145s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 03:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3fbc6d5db55638e3259b2f11f718fc8d.exe
Size

235KB
MD5

3fbc6d5db55638e3259b2f11f718fc8d
SHA1

9e6b383e3c61422ace98a4e969eb29f9a65f0718
SHA256

e9de74aaf4b6a46b1b4b58d82addadb6fde86d38c113926c81cc314ab0158658
SHA512

f19d887f530cc89dfa40163af537a43f914aa99794bedac80910ffae010d8d231854b248ebf78e9db0b614b8cd211491152ef0a088faba07418b322759e0f7ab
SSDEEP

6144:NRgym92YGB+40vPLGPASXGachomI69VaxYTf:/6fu+40vPuX819Vj7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3092	winvnc.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
3092	winvnc.exe
3092	winvnc.exe
3092	winvnc.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3092	winvnc.exe
3092	winvnc.exe
3092	winvnc.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 3092	2732	3fbc6d5db55638e3259b2f11f718fc8d.exe	19
PID 2732 wrote to memory of 3092	2732	3fbc6d5db55638e3259b2f11f718fc8d.exe	19
PID 2732 wrote to memory of 3092	2732	3fbc6d5db55638e3259b2f11f718fc8d.exe	19

C:\Users\Admin\AppData\Local\Temp\3fbc6d5db55638e3259b2f11f718fc8d.exe
"C:\Users\Admin\AppData\Local\Temp\3fbc6d5db55638e3259b2f11f718fc8d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Users\Admin\AppData\Local\Temp\7zS46BD.tmp\winvnc.exe
  .\winvnc.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads