Analysis

  • max time kernel: 4264945s
  • max time network: 7s
  • platform: windows10-2004_x64
  • resource: win10v2004-en-20220113
  • submitted: 16-01-2022 11:23

General

  • Target: vbc (1).exe
  • Size: 368KB
  • MD5: 39a6683b9b279f662f90e1fa6b651c82
  • SHA1: 6820838b0de135a5f83d817f16d7119176c6f083
  • SHA256: a15aa89da9f5f87dad62333dca4d34358a10dc939ba64479d01a46675276bbac
  • SHA512: 3783c627fcf5c3ab970691d20f7d1b981528b42a447184a53b11e7d2425704539a82a580dfa83ce3c9514c58228d3c4ef8b588312deb8ff7180164291b318c57

Score: 7/10

Malware Config

Signatures

  • Loads dropped DLL (1 IoC)
  • Suspicious use of SetThreadContext (1 IoC)
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  • Suspicious use of WriteProcessMemory (9 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\vbc (1).exe (PID 676)
    Command line: "C:\Users\Admin\AppData\Local\Temp\vbc (1).exe"
    Signatures: Loads dropped DLL; Suspicious use of SetThreadContext; Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\vbc (1).exe (PID 440, child of PID 676)
      Command line: "C:\Users\Admin\AppData\Local\Temp\vbc (1).exe"

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery: System Information Discovery (T1082), 1 technique

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsg6203.tmp\eueoumgs.dll
    MD5: b613ccddb6e0fad9cb7dab1869415a62
    SHA1: e2ca21a3ae509046318dba186a92c6cc13b4fc5a
    SHA256: db2d5d67682843c056ec0325891a34cf42276c7d22a9641aae9740bc9ab1ec85
    SHA512: be090160ef9cc91708a843e19fc31a0a333eb19e20d68d52333ed2cbac4a76d8ec998042453b342470323dcf7d769a707b2adcff3b65c6238c8bd405884cc6cd
  • memory/440-131-0x0000000000000000-mapping.dmp
  • memory/440-132-0x0000000000400000-0x00000000004A2000-memory.dmp
    Filesize: 648KB