9e4d371ea020cf27f28182a389cd3f2c8a7f2db44aec9f13af16805008d0428c

Analysis

max time kernel
144s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 12:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

cb752b7705fb4b43b960757eb520a1b1.exe
Size

60KB
MD5

cb752b7705fb4b43b960757eb520a1b1
SHA1

b6abd6f7abe43784e5145d5f7b20dc53eeac8ae3
SHA256

9e4d371ea020cf27f28182a389cd3f2c8a7f2db44aec9f13af16805008d0428c
SHA512

f55c48fb72966c9b8206fd1e3f9be66082697d217df42de6cd0fba6b3d3b82b2712a8416ea87459168478f3b37c0f1f8e46697b3eb0731951a890063330b175b
SSDEEP

768:b8DTyKYUvXfyUQul4LRBukOXOpNFrNmneIMsx9rfIAtwEmvgDKd2YyTA4tZRz3:b0T8+fyhul4mzWrMfjCI4viGeTvtv3

Score

7^/10

persistence

Malware Config

Signatures

Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Media Center = "C:\\Windows\\smss.exe"	vbc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\Testing = "C:\\ProgramData\\explorer.exe"	cb752b7705fb4b43b960757eb520a1b1.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2200 set thread context of 1700	2200	cb752b7705fb4b43b960757eb520a1b1.exe	28

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\smss.exe	vbc.exe
File opened for modification	C:\Windows\smss.exe	vbc.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 1700	2200	cb752b7705fb4b43b960757eb520a1b1.exe	28
PID 2200 wrote to memory of 1700	2200	cb752b7705fb4b43b960757eb520a1b1.exe	28
PID 2200 wrote to memory of 1700	2200	cb752b7705fb4b43b960757eb520a1b1.exe	28
PID 2200 wrote to memory of 1700	2200	cb752b7705fb4b43b960757eb520a1b1.exe	28
PID 2200 wrote to memory of 1700	2200	cb752b7705fb4b43b960757eb520a1b1.exe	28
PID 2200 wrote to memory of 1700	2200	cb752b7705fb4b43b960757eb520a1b1.exe	28
PID 2200 wrote to memory of 1700	2200	cb752b7705fb4b43b960757eb520a1b1.exe	28
PID 2200 wrote to memory of 1700	2200	cb752b7705fb4b43b960757eb520a1b1.exe	28
PID 2200 wrote to memory of 1700	2200	cb752b7705fb4b43b960757eb520a1b1.exe	28
PID 2200 wrote to memory of 1700	2200	cb752b7705fb4b43b960757eb520a1b1.exe	28

C:\Users\Admin\AppData\Local\Temp\cb752b7705fb4b43b960757eb520a1b1.exe
"C:\Users\Admin\AppData\Local\Temp\cb752b7705fb4b43b960757eb520a1b1.exe"
1⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  2⤵
  - Adds Run key to start application
  - Drops file in Windows directory
  PID:1700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

T1064

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Scripting

T1064

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1700-8-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1700-3-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1700-5-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1700-7-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1700-10-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1700-12-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1700-14-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1700-16-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1700-18-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2200-1-0x0000000074EB0000-0x000000007545B000-memory.dmp

Filesize
5.7MB

Download
memory/2200-2-0x00000000006A0000-0x00000000006E0000-memory.dmp

Filesize
256KB

Download
memory/2200-0-0x0000000074EB0000-0x000000007545B000-memory.dmp

Filesize
5.7MB

Download
memory/2200-22-0x0000000074EB0000-0x000000007545B000-memory.dmp

Filesize
5.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads