Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-06-2024 02:04

General

  • Target
    b676c17a455c3cbc95167c0e80d07d7364ff8894134edfaa020627ccc5469fab.exe
  • Size
    635KB
  • MD5
    a25d570c2f9692f49d7a94ce04a48eda
  • SHA1
    a45b7681227eff915cd1c39e52b89efdea195ccc
  • SHA256
    b676c17a455c3cbc95167c0e80d07d7364ff8894134edfaa020627ccc5469fab
  • SHA512
    cbde93cc02526ea9ef749ee66756a9254a34321c1c35ae8fcd1e190aac5e0519a4f890bf7160c4fa8290743dacce832b8bdc0c8c61026c1b08f212f1fccde91d
  • SSDEEP
    12288:OsFjsY2FrAak3uTgVK5hXBmIIZup4GpDrpQNYHb71/Q6kY+FC3iWn5OB0TkqyJM:OsF4Y4Aak+TgY5hXB7IZuKsCsb7d14Cm

Score
7/10

Malware Config

Signatures

  • Uses the VBS compiler for execution 1 TTPs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b676c17a455c3cbc95167c0e80d07d7364ff8894134edfaa020627ccc5469fab.exe
    "C:\Users\Admin\AppData\Local\Temp\b676c17a455c3cbc95167c0e80d07d7364ff8894134edfaa020627ccc5469fab.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2020
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
      2⤵
      PID:2804
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
      2⤵
      PID:2904
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
      2⤵
      PID:2808
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
      2⤵
      PID:2252
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
      2⤵
      PID:2104

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/2020-0-0x00000000742BE000-0x00000000742BF000-memory.dmp
    Filesize
    4KB
  • memory/2020-1-0x00000000010B0000-0x0000000001156000-memory.dmp
    Filesize
    664KB
  • memory/2020-2-0x00000000742B0000-0x000000007499E000-memory.dmp
    Filesize
    6.9MB
  • memory/2020-3-0x0000000000940000-0x0000000000956000-memory.dmp
    Filesize
    88KB
  • memory/2020-4-0x00000000009C0000-0x00000000009CE000-memory.dmp
    Filesize
    56KB
  • memory/2020-5-0x00000000009D0000-0x00000000009E0000-memory.dmp
    Filesize
    64KB
  • memory/2020-6-0x0000000004E60000-0x0000000004EE2000-memory.dmp
    Filesize
    520KB
  • memory/2020-7-0x00000000742B0000-0x000000007499E000-memory.dmp
    Filesize
    6.9MB