20a3edb86df0d63de952958c52e9d7bc5c464ba18b19015fe54cd881cb2ce4a6

Analysis

max time kernel
140s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/02/2024, 18:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87973ee7fd05b363ce34cdde32bfa1bb.exe
Size

276KB
MD5

87973ee7fd05b363ce34cdde32bfa1bb
SHA1

ebf6f5659d8ad1baaee6b9ed91c7839e3d568fe0
SHA256

20a3edb86df0d63de952958c52e9d7bc5c464ba18b19015fe54cd881cb2ce4a6
SHA512

d360b6d6299f1a20b6fc72af4d1759a658a5db4248242ee3f35143a44353da6d77118fe6efbc88ee557ab1b63acb12dee0e60d3794edaca5af603efa4ce41860
SSDEEP

6144:ERgym92YGB+40vPLGPAbe9ptNwx4fiTgVDmMbda4fh/sX2FbLbbCFxiovkI:86fu+40vPW97s4fiUVzbbfhusPvAkI

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4908	winvnc.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
4908	winvnc.exe
4908	winvnc.exe
4908	winvnc.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4908	winvnc.exe
4908	winvnc.exe
4908	winvnc.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 4908	1956	87973ee7fd05b363ce34cdde32bfa1bb.exe	84
PID 1956 wrote to memory of 4908	1956	87973ee7fd05b363ce34cdde32bfa1bb.exe	84
PID 1956 wrote to memory of 4908	1956	87973ee7fd05b363ce34cdde32bfa1bb.exe	84

C:\Users\Admin\AppData\Local\Temp\87973ee7fd05b363ce34cdde32bfa1bb.exe
"C:\Users\Admin\AppData\Local\Temp\87973ee7fd05b363ce34cdde32bfa1bb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Users\Admin\AppData\Local\Temp\7zS7C64.tmp\winvnc.exe
  .\winvnc.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS7C64.tmp\background.bmp

Filesize
1KB

MD5
6ce6e5fcf1a56b80f4ffa6f685d4329d

SHA1
91780868c241e83754003855407805c0cda20254

SHA256
6fcc92e281d25569d300297ef79a5796bc5e0c226aa35624dd6a9f38b8413402

SHA512
7af21c8840f56c5ded22161504dd3d6c282ad83a0fb1f711fccfc7d87676de3036120e60e2c0e57fb998a0dcfe512950d3f16e0bdcb493d37a681f31b8cb399f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7C64.tmp\helpdesk.txt

Filesize
811B

MD5
7633c5458d7d261d56b6c6dd1db23f8d

SHA1
3a46d8093a154df8fc991a72f9a1500a8e5ca147

SHA256
5620ce1ab58483f469b066dad849f46a4c72a859df5014ba2dacd288293d551d

SHA512
fa7f1efed3439fd139dca8ddcabdd3eba411429d75f21aa24a2cf35bf70148439f706ecefb9408f1a3937c5db020ab8cda1712383b2ff2ee448df1bb6f948d92

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7C64.tmp\icon1.ico

Filesize
766B

MD5
12bf2c3f109b1886fbd1a415f3e07ac3

SHA1
f4dc3e1a01b034f4119f4feff0ae2147d2639ff1

SHA256
2c20effc88e61ad222be519d2348f16a38e261509d44e7f102c25da38d36dc61

SHA512
a95710c747f6b822644154241b10bfaddfb549cdab5d3b8eaa4987b945350aee3ae0564bdba6183bd0307995ad64bedf88a2896532b58891322f65d8e849647e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7C64.tmp\logo.bmp

Filesize
35KB

MD5
c4914ad63d962ea561914d9fce4c3569

SHA1
e2f20aa0c8e347963d3d2a7ee2ff1717ef59d9f6

SHA256
c192bea586b2a937cdc2d5f99dfb42952b5756a500b2af8152a3d6b89669819b

SHA512
87977ba7a577651a7e1ca9a17deb234d505bf2b290e51ed6e51773f115341935406384e361ed2c034643bebd9cad39c14f21e1fc8efaf6c09a729f9ef6e5b72f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS7C64.tmp\winvnc.exe

Filesize
360KB

MD5
4e975ce37bf012af72e7730725d13f4e

SHA1
791969b54bddd10f178bed91e4fbcedc49bec41d

SHA256
3cc2fa5074df5a6f1e92ba86f889f7ad091fc83c3eea2ec382193cb668a28ffd

SHA512
3fe714896ffc7d4a5b0fef8009678fb6002d97f6af45bf69e97238cdd7b5cedc7404bd0a03e978abbaf1967081030c3c2017523f1264cb304ae7d230e4a297f8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads