Analysis

  • max time kernel
    121s
  • max time network
    167s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    28-01-2022 21:20

General

  • Target

    4494da2105572a5ad07bd08110e35045c34967306f12a7ea7c91fffc0f79f599.vbs

  • Size

    15KB

  • MD5

    3c36b6fdd3bafc16376dd2bc68fec317

  • SHA1

    92729855a8cb8399e02190b17e807c0536e764f3

  • SHA256

    4494da2105572a5ad07bd08110e35045c34967306f12a7ea7c91fffc0f79f599

  • SHA512

    65897f7de6e2e7df85f3410d145907f42da49927ec961311901bb950a23c4a610282953f964d4cc8a910db573321a64d3a343de59b66db89f8508cacc5918639

Score
10/10

Malware Config

Signatures

  • Lampion

    Lampion is a banking trojan, targeting Portuguese speaking countries.

  • Blocklisted process makes network request 3 IoCs
  • Drops startup file 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\4494da2105572a5ad07bd08110e35045c34967306f12a7ea7c91fffc0f79f599.vbs"
    1⤵
    • Blocklisted process makes network request
    • Suspicious use of WriteProcessMemory
    PID:2812
    • C:\Windows\System32\wscript.exe
      wscript.exe C:\Users\Admin\AppData\Roaming\jjpkyghnicd.vbs
      2⤵
      • Drops startup file
      • Suspicious use of AdjustPrivilegeToken
      PID:1120
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0 /state0:0xa3ad3055 /state1:0x41c64e6d
    1⤵
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:3068

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Roaming\81413548409938\iigdbqykrtzmyrgsk12129552721976.exe
    MD5

    f5fcf71847e23a56c488b1af1448fc6d

    SHA1

    1fc456b5d4891973d3b9180cbc8106649a294dc0

    SHA256

    1c79eb3f391b30771f42746badb2ace7c0e1c9fb850a0c308951280e1a2124f6

    SHA512

    9c4601c38e54b0732ba80bf55ed8374113872e9b322863881bd4e2b59889c6bc06fda52ba3ec84783f99dbca4f3847bada162f6d5ec9d7285468a11367fc3a2f

  • C:\Users\Admin\AppData\Roaming\jjpkyghnicd.vbs
    MD5

    a047a515f7034780ce15fcb04d0fdf70

    SHA1

    75c4e29b00231611c23871c405141d33d60c7b1e

    SHA256

    8fabdc34d49a09558100e46763b4deee9d9f6c4c471fe0faa1ed50f1186f8eb6

    SHA512

    fa3db3e9d14a6cd38e5abad3cc7f7f3719de37ec5976ae9fb8faf0d9c69ba37fc5181b387ba05c8c28600fb1d7eb6849c9a67a41a0272762fbdbb1ba2837afb2