Resubmissions

22-07-2021 22:17

210722-vrwe53ajen 10

22-07-2021 22:11

210722-wg9q4s96hs 10

Analysis

  • max time kernel
    146s
  • max time network
    120s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    22-07-2021 22:11

General

  • Target

    _vcofsoig.nfn.exe

  • Size

    2.1MB

  • MD5

    2c6fa0b31d84f67377ddd6ea2799b752

  • SHA1

    cf0b9d9c65829009eba7c1a5845be69be5e2e837

  • SHA256

    1c5c3a3fa4fdd0ea52166d9a924fac13883e5c5797b9acd89dace63e1a468f6f

  • SHA512

    9beaa08110453de703105a17cf6237f099b069bfd913381af334b8f61f8f69c16648f84afe3852a361a934563a27178389a1077ede1a267312394c483d941ce6

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\_vcofsoig.nfn.exe
    "C:\Users\Admin\AppData\Local\Temp\_vcofsoig.nfn.exe"
    • Drops file in Windows directory
    PID:632

Network

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

1
T1082

Downloads

  • memory/632-114-0x0000000002140000-0x0000000002141000-memory.dmp
    Filesize

    4KB