Analysis

  • max time kernel
    157s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/09/2022, 03:32

General

  • Target

    c0bbba0b65a003daa414c9ed9d07ecc853446223c7f8fe72bb6b7bcbe8018380.exe

  • Size

    1.1MB

  • MD5

    2652dd783aca1063b48176abc46485a2

  • SHA1

    91b32e8e40d49567d1709409af27d6121de005dd

  • SHA256

    c0bbba0b65a003daa414c9ed9d07ecc853446223c7f8fe72bb6b7bcbe8018380

  • SHA512

    aedd332ec11e36f8978bd1bd3b482b5d552310be41a4e6673fd9499dbd6184808eb3573105feef0559dfec07f26a2e284c98b40c6cba83b4b87bd7287d45ea0b

  • SSDEEP

    24576:HaIo2sd8FMl5nzxVHZ+usYzNuZN+dPU+9Q0xURu:Hbogin9SKs+9+Ru

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c0bbba0b65a003daa414c9ed9d07ecc853446223c7f8fe72bb6b7bcbe8018380.exe
    "C:\Users\Admin\AppData\Local\Temp\c0bbba0b65a003daa414c9ed9d07ecc853446223c7f8fe72bb6b7bcbe8018380.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1588
    • C:\Windows\VioDrv.exe
      "C:\Windows\VioDrv.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      PID:5048

Network

        MITRE ATT&CK Enterprise v6

        Downloads

        • C:\Windows\VioDrv.exe

          Filesize

          557KB

          MD5

          7db18ce102a94fc1dcec80f01542b413

          SHA1

          d0ce65e2031c198a62ba68a05c4bafeee7ba7f0c

          SHA256

          7f51c43a4ab8c95ceea6011f8fa6ae6df9529ec08d4344430c323815a57ef4bb

          SHA512

          01f3c26784e2603fa1443f18539a75ed177a5868554b0fb43d027764ab3078cb77457b54008102e052c1bd419b7df9e2a2ad73c69a4eacf2e4b26da53d33e240