9882a822f94ab32f588d8db12165838798c8adefefc5301eb367592662df944f

Analysis

max time kernel
140s
max time network
135s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
24/06/2024, 01:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

source/Vbs_To_Exe/Portable/Vbs_To_Exe.exe
Size

1.3MB
MD5

27dd3186c5f51823aaf82b815a3abfd6
SHA1

c6ab78825bbdd53df4da2fc9a92601659ce05cb5
SHA256

f50d774a95901ee952e0f6a03b69ff3de9d92c5146a5f8bff49c7a666e8e7825
SHA512

44d36b4a68fad18ca73351c45e0d85a28011358782c23a8175847d41f4fed80578061cb5d63c63a657f788afa9d669e17d650dfb9f6cfcd4d4fa40c50fde403e
SSDEEP

24576:kYZgW+HDix/HwuzsUUy1AEWwqYFOv13kpawnPOiDzw3b2yq:DN+HSwO+EWwTwd3kwePOuzw3Jq

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2280	Vbs_To_Exe.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral5/memory/2280-0-0x0000000000400000-0x00000000006B4000-memory.dmp	upx
behavioral5/memory/2280-132-0x0000000000400000-0x00000000006B4000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\source\Vbs_To_Exe\Portable\Vbs_To_Exe.exe
"C:\Users\Admin\AppData\Local\Temp\source\Vbs_To_Exe\Portable\Vbs_To_Exe.exe"
1⤵
- Loads dropped DLL
PID:2280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7908.tmp\settings.ini

Filesize
205B

MD5
55cd4e9ffd16e7c9d4543d52dcf33aae

SHA1
6f10ccde30eb25efb8b4440971a6fe1ae30cb154

SHA256
e77a4e7fa91279650391eed9080d0f84f4e68ec978cfd7b7d6d388ac241a5243

SHA512
20f3f1b1e74b4f0a90d53be79bd03050827f26e20c1d35e466c23228e925f05baec8b3b4d31ba48cd72d7015cc259dbecffbb6d5a4208ad23bd911c51467a0d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7908.tmp\settings.ini

Filesize
173B

MD5
614c8ab569086709a6052ef2ed0c2440

SHA1
7706ed1288d048cda3be7d9c27f39eaaacd38450

SHA256
e3b25d61175a8f3f5fbdaea559c6f18cc6791c842a125bbe79be7798a4bda4e6

SHA512
f607b261b967de76fbb3e777fbb5358f9d71dea4a6d4ca272b0e6785d157b6b8027824d39c92e8852654092960e53f53f8cb7ad98071a2f3ef8d57e98a585791

Download Submit
\Users\Admin\AppData\Local\Temp\7908.tmp\Scilexer.dll

Filesize
399KB

MD5
9092cc0fa27603c620df12b58c4c89df

SHA1
7b2e36fcf71aa8e20c3006a1ec001d50503a66e7

SHA256
6468cdf465b47c64ec621f548fff5e32ca24e21f50a331a17014f68006b12f0e

SHA512
a5a0d023cd06cc3b398b6929dfefb345d1ead3de54728b916e2c1c6a492a34ef610a0eedb55864b6f3d6f98fde2273223b4496a5a27b1b3ba87ba0baa6138419

Download Submit
memory/2280-0-0x0000000000400000-0x00000000006B4000-memory.dmp

Filesize
2.7MB

Download
memory/2280-132-0x0000000000400000-0x00000000006B4000-memory.dmp

Filesize
2.7MB

Download