b018a82f87820638783ed4b5201a70d34e09758fb092dd791641931d55d023e6 | Triage

Analysis

max time kernel
90s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 05:20

Sharing

Report Analysis Logs

General

Target

resources/StarVPNService.cmd
Size

132B
MD5

5fb66ddc54d5d390c97c98894feadcd8
SHA1

df95a98549a07b49a652c60b7d0f49555614d03a
SHA256

7e4e9fbd7e7cff709225d8af4abe2cb95de3e56876307c4a14008c6dedd5b103
SHA512

1d797e880dfa8d50de9082758068d9cab127fdd6d4e4010289e5342dcd37c273f2e7d82001301c7007f346644b70674f6ff69d49b6ad22c9de30419f34cabda9

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
4132	StarVPN.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4604 wrote to memory of 4132	4604	cmd.exe	82
PID 4604 wrote to memory of 4132	4604	cmd.exe	82

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\resources\StarVPNService.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:4604
- C:\Users\Admin\AppData\Local\Temp\StarVPN.exe
  StarVPN.exe resources\app.asar\packages\service\dist\index.js
  2⤵
  - Loads dropped DLL
  PID:4132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\d181e56c-52b1-4b31-8271-d7fa8f1d5da4.tmp.node

Filesize
172KB

MD5
77c35abb6ac88f1118c3cb0fa8a253fa

SHA1
3fea73e15b59d8f1b7f16011ea2ef8d659df491b

SHA256
e150ae302462bf0f06bfc0ee83512f3ea949f309e81e2a43b29914e451a58f88

SHA512
63ee35e3cbac5485a59c1c55a669d52b12d3bf6d3dc5ed3f1269739c05de05340a00cc47152f2bbdfeb7fd5229da63ac8081ee592ff4f3b3cc0f4f2384f94323

Download Submit