Analysis

  • max time kernel
    90s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/05/2024, 05:20

General

  • Target

    resources/StarVPNService.cmd

  • Size

    132B

  • MD5

    5fb66ddc54d5d390c97c98894feadcd8

  • SHA1

    df95a98549a07b49a652c60b7d0f49555614d03a

  • SHA256

    7e4e9fbd7e7cff709225d8af4abe2cb95de3e56876307c4a14008c6dedd5b103

  • SHA512

    1d797e880dfa8d50de9082758068d9cab127fdd6d4e4010289e5342dcd37c273f2e7d82001301c7007f346644b70674f6ff69d49b6ad22c9de30419f34cabda9

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\resources\StarVPNService.cmd"
    • Suspicious use of WriteProcessMemory
    PID:4604
    • C:\Users\Admin\AppData\Local\Temp\StarVPN.exe
      StarVPN.exe resources\app.asar\packages\service\dist\index.js
      • Loads dropped DLL
      PID:4132

Network

MITRE ATT&CK Matrix


Downloads

  • C:\Users\Admin\AppData\Local\Temp\d181e56c-52b1-4b31-8271-d7fa8f1d5da4.tmp.node

    Filesize

    172KB

    MD5

    77c35abb6ac88f1118c3cb0fa8a253fa

    SHA1

    3fea73e15b59d8f1b7f16011ea2ef8d659df491b

    SHA256

    e150ae302462bf0f06bfc0ee83512f3ea949f309e81e2a43b29914e451a58f88

    SHA512

    63ee35e3cbac5485a59c1c55a669d52b12d3bf6d3dc5ed3f1269739c05de05340a00cc47152f2bbdfeb7fd5229da63ac8081ee592ff4f3b3cc0f4f2384f94323