0617c3e53586b83797e4209ea9cd6bc8b2e39c8da70b5b403c6dde22f9fd1d28

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Aventia_AS_002600.vbs
Size

73KB
MD5

453e9aaf18526533a0f039baeaa79082
SHA1

b189a02057f6b1457f5dc83f2d58ed4fb0fa3372
SHA256

bf55c23767ad3981da15d4789452b9738b018e840de160697b754d49e2853761
SHA512

5c1d2e33fe95a10bc6ee7aa89fe932f976b96bcd7d93cb98af2c24a6b15b5f1a14a4346458310071ce47d340ccb51214a3868b846c62667dbba165b01c96d285
SSDEEP

1536:raCCZDbSV8CeDYUrTqgNQSGu7PEkvbGLSOSGn4tqabynRkbY/Mu4SbfIkaktmjfo:GN6V8CeDYUrTqqQSGu7PEkvbGLSOSGnl

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

taskeng.exe

description	pid	process	target process
PID 2332 wrote to memory of 1576	2332	taskeng.exe	cmd.exe
PID 2332 wrote to memory of 1576	2332	taskeng.exe	cmd.exe
PID 2332 wrote to memory of 1576	2332	taskeng.exe	cmd.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Aventia_AS_002600.vbs"
1⤵
PID:2200

C:\Windows\system32\taskeng.exe
taskeng.exe {A4B03D55-741E-43E5-BC38-FBBD39286EA3} S-1-5-21-2248906074-2862704502-246302768-1000:GHPZRGFC\Admin:Interactive:[1]
1⤵
- Suspicious use of WriteProcessMemory
PID:2332

C:\Windows\system32\cmd.exe
cmd.exe /c ren C:\Users\Admin\AppData\Local\Temp\ImageView.txt svchost.exe &C:\Users\Admin\AppData\Local\Temp/svchost.exe
2⤵
PID:1576

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads