Analysis

  • max time kernel
    96s
  • max time network
    145s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    28-01-2022 19:21

General

  • Target

    9e77a03223de62be70afe19961ca8d0b88b46c20c834a5bab30ab3334baa2415.vbs

  • Size

    23KB

  • MD5

    d05ff8c51b3cb5ead20b4066a225ab52

  • SHA1

    2d9a46deaa6ebae0884c9afd62d7f6bbe7429d50

  • SHA256

    9e77a03223de62be70afe19961ca8d0b88b46c20c834a5bab30ab3334baa2415

  • SHA512

    5751ad3d68f0a07ca9f4ed1212209712d2ff4a54a59dcc16ef16dec7f6d34484bdd2fc3d430aa4a7399500992a592301b3ed0a40fc5c9c5c15f1140fe73ffc42

Score
10/10

Malware Config

Signatures

  • Lampion

    Lampion is a banking trojan targeting Portuguese-speaking countries.

  • Blocklisted process makes network request (7 IoCs)
  • Drops startup file (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies data under HKEY_USERS (15 IoCs)
  • Suspicious use of AdjustPrivilegeToken (5 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (2 IoCs)

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\9e77a03223de62be70afe19961ca8d0b88b46c20c834a5bab30ab3334baa2415.vbs"
    • Blocklisted process makes network request
    • Suspicious use of WriteProcessMemory
    PID:2632
    • C:\Windows\System32\wscript.exe (child of PID 2632)
      wscript.exe C:\Users\Admin\AppData\Roaming\rtrtiyxsqlg.vbs
      • Drops startup file
      • Suspicious use of AdjustPrivilegeToken
      PID:1396
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0 /state0:0xa3ad2855 /state1:0x41c64e6d
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:1088

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Roaming\45778019845485\nkzxbubknziirrtrg25039312243460.exe

    MD5

    3b6e6c182436db8a2bfc39a3ef3c5b2d

    SHA1

    b62b5d9e6aec829af07af097326d098d28a45d6d

    SHA256

    7e478cab4281f69316b8e9407f132d19a9af9f3676c5ded5f80ea8cabcabbbea

    SHA512

    0f9fe65c3fefd5e402430f14b6b28880007225df642ecafdd4fccdca0cf44fae29034930d9a36bd510b0ec8b80ef073ec764746f5bec803353c57bb23b5d7f9a

  • C:\Users\Admin\AppData\Roaming\rtrtiyxsqlg.vbs

    MD5

    012462c32e222b7f1922ffcd40e06877

    SHA1

    eb4d9d15de2f4d0cdfede665f4ab7a5b6662893e

    SHA256

    4a5f490e5664cb9bbb549ee9a88c07ba0d0cf7e538529b739fa003ec9f21c15d

    SHA512

    9eb1243059d5baa48f78049ce58ef2f6f87fbd88e53bebdcd14eaca53f45b272f96ec43f6a79422ee0b946810a72231f10c4835122e2bc5b3d2c8774c010a388