Analysis
-
max time kernel
146s
-
max time network
120s
-
platform
windows10_x64
-
resource
win10v20210408
-
submitted
22-07-2021 22:11
Static task
static1
Behavioral task
behavioral1
Sample
_vcofsoig.nfn.exe
Resource
win7v20210410
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
_vcofsoig.nfn.exe
Resource
win10v20210408
windows10_x64
0 signatures
0 seconds
Behavioral task
behavioral3
Sample
onestep_817601070.exe
Resource
win7v20210410
windows7_x64
0 signatures
0 seconds
General
-
Target
_vcofsoig.nfn.exe
-
Size
2.1MB
-
MD5
2c6fa0b31d84f67377ddd6ea2799b752
-
SHA1
cf0b9d9c65829009eba7c1a5845be69be5e2e837
-
SHA256
1c5c3a3fa4fdd0ea52166d9a924fac13883e5c5797b9acd89dace63e1a468f6f
-
SHA512
9beaa08110453de703105a17cf6237f099b069bfd913381af334b8f61f8f69c16648f84afe3852a361a934563a27178389a1077ede1a267312394c483d941ce6
Score
4/10
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
Processes:
_vcofsoig.nfn.exe
description
File opened for modification
ioc
C:\Windows\Q-Dir.ini
process
_vcofsoig.nfn.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
-
memory/632-114-0x0000000002140000-0x0000000002141000-memory.dmp
Filesize
4KB