c6571a53ed05f555678972f9c3b63a0ff05033e0c6d27adf401b8ab5e57cc6f8

Analysis

max time kernel
140s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03/02/2024, 14:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c84776c80b66464bcd744a285f2f433.exe
Size

65KB
MD5

8c84776c80b66464bcd744a285f2f433
SHA1

e5440fafd98c32274ba3a6a8e3564e3a97459a34
SHA256

c6571a53ed05f555678972f9c3b63a0ff05033e0c6d27adf401b8ab5e57cc6f8
SHA512

83798a4f2d5092f42bb55f9cd1dc491af9dc32704c5ae38a43b81cc1065204be5f18ee874fba3e21618bdfb1de8ce9ac6a3d6ce10ea320b00130b39161ecb0a7
SSDEEP

1536:SHcwiJH9ygkW71NNNNNNNNNNNNOOTD3NsKuSB+NNNNNNNNNNNNNNAl2NNNNN7m:SHclTd1NNNNNNNNNNNNdD3NjuSYNNNNG

Score

7^/10

Malware Config

Signatures

Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1896 set thread context of 2376	1896	8c84776c80b66464bcd744a285f2f433.exe	29

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2376	vbc.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 1896 wrote to memory of 2272	1896	8c84776c80b66464bcd744a285f2f433.exe	28
PID 1896 wrote to memory of 2272	1896	8c84776c80b66464bcd744a285f2f433.exe	28
PID 1896 wrote to memory of 2272	1896	8c84776c80b66464bcd744a285f2f433.exe	28
PID 1896 wrote to memory of 2272	1896	8c84776c80b66464bcd744a285f2f433.exe	28
PID 1896 wrote to memory of 2376	1896	8c84776c80b66464bcd744a285f2f433.exe	29
PID 1896 wrote to memory of 2376	1896	8c84776c80b66464bcd744a285f2f433.exe	29
PID 1896 wrote to memory of 2376	1896	8c84776c80b66464bcd744a285f2f433.exe	29
PID 1896 wrote to memory of 2376	1896	8c84776c80b66464bcd744a285f2f433.exe	29
PID 1896 wrote to memory of 2376	1896	8c84776c80b66464bcd744a285f2f433.exe	29
PID 1896 wrote to memory of 2376	1896	8c84776c80b66464bcd744a285f2f433.exe	29
PID 1896 wrote to memory of 2376	1896	8c84776c80b66464bcd744a285f2f433.exe	29
PID 1896 wrote to memory of 2376	1896	8c84776c80b66464bcd744a285f2f433.exe	29
PID 1896 wrote to memory of 2376	1896	8c84776c80b66464bcd744a285f2f433.exe	29

C:\Users\Admin\AppData\Local\Temp\8c84776c80b66464bcd744a285f2f433.exe
"C:\Users\Admin\AppData\Local\Temp\8c84776c80b66464bcd744a285f2f433.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1896
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  2⤵
  PID:2272
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

T1064

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1896-0-0x0000000074B20000-0x00000000750CB000-memory.dmp

Filesize
5.7MB

Download
memory/1896-1-0x0000000074B20000-0x00000000750CB000-memory.dmp

Filesize
5.7MB

Download
memory/1896-12-0x0000000074B20000-0x00000000750CB000-memory.dmp

Filesize
5.7MB

Download
memory/1896-2-0x00000000002F0000-0x0000000000330000-memory.dmp

Filesize
256KB

Download
memory/2376-9-0x0000000000400000-0x0000000000404000-memory.dmp

Filesize
16KB

Download
memory/2376-7-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2376-5-0x0000000000400000-0x0000000000404000-memory.dmp

Filesize
16KB

Download
memory/2376-4-0x0000000000400000-0x0000000000404000-memory.dmp

Filesize
16KB

Download
memory/2376-3-0x0000000000400000-0x0000000000404000-memory.dmp

Filesize
16KB

Download
memory/2376-15-0x0000000000400000-0x0000000000404000-memory.dmp

Filesize
16KB

Download