Analysis
- max time kernel: 4264945s
- max time network: 7s
- platform: windows10-2004_x64
- resource: win10v2004-en-20220113
- submitted: 16-01-2022 11:23
Static task: static1
Behavioral task behavioral1: Sample vbc (1).exe, Resource win7-en-20211208
Behavioral task behavioral2: Sample vbc (1).exe, Resource win10-en-20211208
Behavioral task behavioral3: Sample vbc (1).exe, Resource win10v2004-en-20220113
General
- Target: vbc (1).exe
- Size: 368KB
- MD5: 39a6683b9b279f662f90e1fa6b651c82
- SHA1: 6820838b0de135a5f83d817f16d7119176c6f083
- SHA256: a15aa89da9f5f87dad62333dca4d34358a10dc939ba64479d01a46675276bbac
- SHA512: 3783c627fcf5c3ab970691d20f7d1b981528b42a447184a53b11e7d2425704539a82a580dfa83ce3c9514c58228d3c4ef8b588312deb8ff7180164291b318c57
Malware Config
Signatures
- Loads dropped DLL (1 IoC)
  Processes: vbc (1).exe, PID 676
- Suspicious use of SetThreadContext (1 IoC)
  Processes: PID 676 (vbc (1).exe) set thread context of PID 440 (vbc (1).exe)
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of WriteProcessMemory (9 IoCs)
  Processes: PID 676 (vbc (1).exe) wrote to memory of PID 440 (vbc (1).exe); 9 identical entries
Processes
1. C:\Users\Admin\AppData\Local\Temp\vbc (1).exe "C:\Users\Admin\AppData\Local\Temp\vbc (1).exe"
   - Loads dropped DLL
   - Suspicious use of SetThreadContext
   - Suspicious use of WriteProcessMemory
2. C:\Users\Admin\AppData\Local\Temp\vbc (1).exe "C:\Users\Admin\AppData\Local\Temp\vbc (1).exe" (child of process 1)
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- C:\Users\Admin\AppData\Local\Temp\nsg6203.tmp\eueoumgs.dll
  MD5: b613ccddb6e0fad9cb7dab1869415a62
  SHA1: e2ca21a3ae509046318dba186a92c6cc13b4fc5a
  SHA256: db2d5d67682843c056ec0325891a34cf42276c7d22a9641aae9740bc9ab1ec85
  SHA512: be090160ef9cc91708a843e19fc31a0a333eb19e20d68d52333ed2cbac4a76d8ec998042453b342470323dcf7d769a707b2adcff3b65c6238c8bd405884cc6cd
- memory/440-131-0x0000000000000000-mapping.dmp
- memory/440-132-0x0000000000400000-0x00000000004A2000-memory.dmp (Filesize: 648KB)