c5029c5b9a63919e5f893caf833072c670b9e7cb0984cc2b8d340415ab104291

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-en-20210920
submitted
20-10-2021 05:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0129afdbc18ac991cf95f5b137e92c6b.exe
Size

441KB
MD5

0129afdbc18ac991cf95f5b137e92c6b
SHA1

07685713ecd4fd65bf1fa538787c60346abe69ee
SHA256

c5029c5b9a63919e5f893caf833072c670b9e7cb0984cc2b8d340415ab104291
SHA512

e22061c772c5f222c39f410bd190e72dce5522795db6907dddad8790d4a684cabea0b2ec8f22890be5f92b34a977e4633a82227b26e4082989857ab403b58bf6

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

Processes:

0129afdbc18ac991cf95f5b137e92c6b.exe

pid process

2024 0129afdbc18ac991cf95f5b137e92c6b.exe
2024 0129afdbc18ac991cf95f5b137e92c6b.exe
2024 0129afdbc18ac991cf95f5b137e92c6b.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
2024	0129afdbc18ac991cf95f5b137e92c6b.exe
2024	0129afdbc18ac991cf95f5b137e92c6b.exe
2024	0129afdbc18ac991cf95f5b137e92c6b.exe

Drops file in Program Files directory 2 IoCs

Processes:

0129afdbc18ac991cf95f5b137e92c6b.exe

description	ioc	process
File created	C:\Program Files (x86)\QuickBae System\¼ÕÀÚÅ¬¶óÀÌ¾ðÆ®\QBCautorun.exe	0129afdbc18ac991cf95f5b137e92c6b.exe
File created	C:\Program Files (x86)\QuickBae System\¼ÕÀÚÅ¬¶óÀÌ¾ðÆ®\uninstall.exe	0129afdbc18ac991cf95f5b137e92c6b.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\0129afdbc18ac991cf95f5b137e92c6b.exe
"C:\Users\Admin\AppData\Local\Temp\0129afdbc18ac991cf95f5b137e92c6b.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
PID:2024

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nstD02C.tmp\InstallOptions.dll
MD5
5d195f1ac9869c208f6c02a5bde6f9c1

SHA1
a8ec993a12708572ca8ca3d1fcbdc25230bdaf10

SHA256
78012f560bb917218435f4b3ef2e3491bab15647e11ccb90bc117731181134c4

SHA512
1f6a2e909e3a7188f24758715cdc7c9d8c17450a67c37cc74487924b00d5402c125ff8ec27b42038e20b560016f086b05133bf2bd04e670a1c46fa38c1b20672

Download Submit
\Users\Admin\AppData\Local\Temp\nstD02C.tmp\LangDLL.dll
MD5
de3558ce305e32f742ff25b697407fec

SHA1
d55c50c546001421647f2e91780c324dbb8d6ebb

SHA256
98160b4ebb4870f64b13a45f5384b693614ae5ca1b5243edf461ca0b5a6d479a

SHA512
7081654001cba9263e6fb8d5b8570ba29a3de89621f52524aa7941ba9e6dfd963e5ef7b073f193b9df70300af04d7f72f93d0241d8c70ccdbecfd9092e166cac

Download Submit
\Users\Admin\AppData\Local\Temp\nstD02C.tmp\System.dll
MD5
fbe295e5a1acfbd0a6271898f885fe6a

SHA1
d6d205922e61635472efb13c2bb92c9ac6cb96da

SHA256
a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1

SHA512
2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06

Download Submit
memory/2024-53-0x0000000075821000-0x0000000075823000-memory.dmp

Filesize
8KB

Download