Analysis
- max time kernel: 121s
- max time network: 123s
- platform: windows7_x64
- resource: win7-en-20210920
- submitted: 20-10-2021 05:26
Static task: static1
Behavioral task: behavioral1
- Sample: 0129afdbc18ac991cf95f5b137e92c6b.exe
- Resource: win7-en-20210920
Behavioral task: behavioral2
- Sample: 0129afdbc18ac991cf95f5b137e92c6b.exe
- Resource: win10-en-20211014
General
- Target: 0129afdbc18ac991cf95f5b137e92c6b.exe
- Size: 441KB
- MD5: 0129afdbc18ac991cf95f5b137e92c6b
- SHA1: 07685713ecd4fd65bf1fa538787c60346abe69ee
- SHA256: c5029c5b9a63919e5f893caf833072c670b9e7cb0984cc2b8d340415ab104291
- SHA512: e22061c772c5f222c39f410bd190e72dce5522795db6907dddad8790d4a684cabea0b2ec8f22890be5f92b34a977e4633a82227b26e4082989857ab403b58bf6
Malware Config
Signatures
- Loads dropped DLL (3 IoCs)
  Processes (pid / process):
  2024 / 0129afdbc18ac991cf95f5b137e92c6b.exe
  2024 / 0129afdbc18ac991cf95f5b137e92c6b.exe
  2024 / 0129afdbc18ac991cf95f5b137e92c6b.exe
- Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in Program Files directory (2 IoCs)
  Processes (description / ioc / process; the subdirectory name is a multi-byte string that the report has mis-decoded, reproduced here as reported):
  File created / C:\Program Files (x86)\QuickBae System\¼ÕÀÚŬ¶óÀ̾ðÆ®\QBCautorun.exe / 0129afdbc18ac991cf95f5b137e92c6b.exe
  File created / C:\Program Files (x86)\QuickBae System\¼ÕÀÚŬ¶óÀ̾ðÆ®\uninstall.exe / 0129afdbc18ac991cf95f5b137e92c6b.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- \Users\Admin\AppData\Local\Temp\nstD02C.tmp\InstallOptions.dll
  MD5: 5d195f1ac9869c208f6c02a5bde6f9c1
  SHA1: a8ec993a12708572ca8ca3d1fcbdc25230bdaf10
  SHA256: 78012f560bb917218435f4b3ef2e3491bab15647e11ccb90bc117731181134c4
  SHA512: 1f6a2e909e3a7188f24758715cdc7c9d8c17450a67c37cc74487924b00d5402c125ff8ec27b42038e20b560016f086b05133bf2bd04e670a1c46fa38c1b20672
- \Users\Admin\AppData\Local\Temp\nstD02C.tmp\LangDLL.dll
  MD5: de3558ce305e32f742ff25b697407fec
  SHA1: d55c50c546001421647f2e91780c324dbb8d6ebb
  SHA256: 98160b4ebb4870f64b13a45f5384b693614ae5ca1b5243edf461ca0b5a6d479a
  SHA512: 7081654001cba9263e6fb8d5b8570ba29a3de89621f52524aa7941ba9e6dfd963e5ef7b073f193b9df70300af04d7f72f93d0241d8c70ccdbecfd9092e166cac
- \Users\Admin\AppData\Local\Temp\nstD02C.tmp\System.dll
  MD5: fbe295e5a1acfbd0a6271898f885fe6a
  SHA1: d6d205922e61635472efb13c2bb92c9ac6cb96da
  SHA256: a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1
  SHA512: 2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06
- memory/2024-53-0x0000000075821000-0x0000000075823000-memory.dmp
  Filesize: 8KB