Overview

overview

5

Static

static

3

VlBBUwxYy.exe

windows7-x64

5

VlBBUwxYy.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    41s
  • max time network
    43s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/08/2024, 00:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VlBBUwxYy.exe

  • Size

    5.6MB

  • MD5

    8124ea8a72fc599dfe2a672dbaa458a3

  • SHA1

    3e96b54608e40d37e77c252135fe11566228fdc4

  • SHA256

    e10738a140545f3c5604d932e44ec6a3e310379ae99595add8b29c6fa5442bef

  • SHA512

    2db2a58856fbc3b9594ef6628dc85a360ed068a55b395a1aa2b494c68d267d07c9450fbe3f67c408d9a57e75528d421961ec18ce704a13efbf6ad6db5aa0ed39

  • SSDEEP

    98304:eW2nKiXBk1IIhLcIatIRksW/lby/PEJb+b1xU76wMxxyfKmt:p2KQOIE5aORlf3b1xU+jyfKm

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\VlBBUwxYy.exe
    "C:\Users\Admin\AppData\Local\Temp\VlBBUwxYy.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2964
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\VlBBUwxYy.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3228
      • C:\Windows\system32\certutil.exe
        certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\VlBBUwxYy.exe" MD5
        3⤵
          PID:3668
        • C:\Windows\system32\find.exe
          find /i /v "md5"
          3⤵
            PID:1808
          • C:\Windows\system32\find.exe
            find /i /v "certutil"
            3⤵
              PID:2536
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /c CLS
            2⤵
              PID:3604
            • C:\Windows\system32\cmd.exe
              C:\Windows\system32\cmd.exe /c start cmd /C "color b && title Error && echo Signature checksum failed. Request was tampered with or session ended most likely. & echo: & echo Message: Session not found. Use latest code. You can only have app opened 1 at a time. && timeout /t 5"
              2⤵
              • Suspicious use of WriteProcessMemory
              PID:3604
              • C:\Windows\system32\cmd.exe
                cmd /C "color b && title Error && echo Signature checksum failed. Request was tampered with or session ended most likely. & echo: & echo Message: Session not found. Use latest code. You can only have app opened 1 at a time. && timeout /t 5"
                3⤵
                • Suspicious use of WriteProcessMemory
                PID:4528
                • C:\Windows\system32\timeout.exe
                  timeout /t 5
                  4⤵
                  • Delays execution with timeout.exe
                  PID:1508
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4372,i,3239535018877284530,3457823197501312703,262144 --variations-seed-version --mojo-platform-channel-handle=4400 /prefetch:8
            1⤵
              PID:4844

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/2964-5-0x00007FF74D378000-0x00007FF74D719000-memory.dmp

              Filesize

              3.6MB

              Download

            • memory/2964-6-0x00007FF74D2E0000-0x00007FF74DCB8000-memory.dmp

              Filesize

              9.8MB

              Download

            • memory/2964-1-0x00007FF74D2E0000-0x00007FF74DCB8000-memory.dmp

              Filesize

              9.8MB

              Download

            • memory/2964-0-0x00007FF8A7A50000-0x00007FF8A7A52000-memory.dmp

              Filesize

              8KB

              Download

            • memory/2964-7-0x00007FF74D378000-0x00007FF74D719000-memory.dmp

              Filesize

              3.6MB

              Download

            • memory/2964-8-0x00007FF74D2E0000-0x00007FF74DCB8000-memory.dmp

              Filesize

              9.8MB

              Download

            • memory/2964-9-0x00007FF74D2E0000-0x00007FF74DCB8000-memory.dmp

              Filesize

              9.8MB

              Download