Analysis
-
max time kernel
170s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
19-09-2022 03:32
General
-
Target
c0bbba0b65a003daa414c9ed9d07ecc853446223c7f8fe72bb6b7bcbe8018380.exe
-
Size
1.1MB
-
MD5
2652dd783aca1063b48176abc46485a2
-
SHA1
91b32e8e40d49567d1709409af27d6121de005dd
-
SHA256
c0bbba0b65a003daa414c9ed9d07ecc853446223c7f8fe72bb6b7bcbe8018380
-
SHA512
aedd332ec11e36f8978bd1bd3b482b5d552310be41a4e6673fd9499dbd6184808eb3573105feef0559dfec07f26a2e284c98b40c6cba83b4b87bd7287d45ea0b
-
SSDEEP
24576:HaIo2sd8FMl5nzxVHZ+usYzNuZN+dPU+9Q0xURu:Hbogin9SKs+9+Ru
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Drops file in Windows directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c0bbba0b65a003daa414c9ed9d07ecc853446223c7f8fe72bb6b7bcbe8018380.exe"C:\Users\Admin\AppData\Local\Temp\c0bbba0b65a003daa414c9ed9d07ecc853446223c7f8fe72bb6b7bcbe8018380.exe"1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\VioDrv.exe"C:\Windows\VioDrv.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
557KB
MD57db18ce102a94fc1dcec80f01542b413
SHA1d0ce65e2031c198a62ba68a05c4bafeee7ba7f0c
SHA2567f51c43a4ab8c95ceea6011f8fa6ae6df9529ec08d4344430c323815a57ef4bb
SHA51201f3c26784e2603fa1443f18539a75ed177a5868554b0fb43d027764ab3078cb77457b54008102e052c1bd419b7df9e2a2ad73c69a4eacf2e4b26da53d33e240
-
-
Filesize
8KB