Overview

overview

10

Static

static

028d53f522...fa.exe

windows7_x64

10

028d53f522...fa.exe

windows11_x64

10

028d53f522...fa.exe

windows10_x64

10

Bot_Checker.exe

windows7_x64

3

Bot_Checker.exe

windows11_x64

10

Bot_Checker.exe

windows10_x64

10

Uninstall.exe

windows7_x64

3

Uninstall.exe

windows11_x64

6

Uninstall.exe

windows10_x64

3

Versium.exe

windows7_x64

9

Versium.exe

windows11_x64

10

Versium.exe

windows10_x64

10

VersiumRes...it.exe

windows7_x64

10

VersiumRes...it.exe

windows11_x64

10

VersiumRes...it.exe

windows10_x64

10

VersiumRes...it.exe

windows7_x64

8

VersiumRes...it.exe

windows11_x64

8

VersiumRes...it.exe

windows10_x64

8

Versiumresearch.exe

windows7_x64

10

Versiumresearch.exe

windows11_x64

Versiumresearch.exe

windows10_x64

10

Resubmissions

12-08-2021 21:22

210812-n6l9952p1a 10

12-08-2021 20:38

210812-sm95c1t59j 10

Analysis

  • max time kernel
    333s
  • max time network
    1460s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    12-08-2021 20:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Bot_Checker.exe

  • Size

    56KB

  • MD5

    391ca27e1e5cc0da88d1fcc8df1d0d85

  • SHA1

    25bd7c5b7d88bcd01610226fccb0910b48dc1eee

  • SHA256

    a9ee4862c1e7931ef8366b090ac1f3212e79cc17d7737f537978d9a3fb0c5ef1

  • SHA512

    2dbb84eb664798766a669c7d407be76d5154bd7d0b99f2c2371ad0ae3e1124605df0771b228f7a3406f023fa9cbba3022afb5b48207cf1eb14d94cda7a5117f9

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Bot_Checker.exe
    "C:\Users\Admin\AppData\Local\Temp\Bot_Checker.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:748
    • C:\Users\Admin\AppData\Local\Temp\Bot_Checker.exe
      "C:\Users\Admin\AppData\Local\Temp\Bot_Checker.exe" -a
      2⤵
        PID:1992

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/748-60-0x0000000076661000-0x0000000076663000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1992-61-0x0000000000000000-mapping.dmp

      Download