Resubmissions

08/07/2025, 08:09

250708-j16kvavwcx 10

04/07/2025, 04:30

250704-e483xsap8v 10

13/05/2024, 10:29

240513-mjfjwabd28 10

Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/05/2024, 10:29

General

  • Target

    323CANON.EXE_WORM_VOBFUS.exe

  • Size

    300KB

  • MD5

    70f0b7bd55b91de26f9ed6f1ef86b456

  • SHA1

    d774cdaa9082ac15feb9514e7364d76092a6807a

  • SHA256

    fe32599d6f2d1a874b65928cfd01a87f9d0a83d2b1e30b8f1148c8ad8aefd985

  • SHA512

    3928885f382a5f833eb2c2b4641b8227138dce4cb161cae3049e837ba13384119ec8aaf70c6e85c99583c07db18bbaab77e19bdc3485f9e23adb3be3d0ab7912

  • SSDEEP

    3072:XMIQ/iifD4gfGWKdbKsQOO1HobSp0xl6EPpc4VpJzNDdlcjBPZz:XBciib4gfGWcmsQobG0xlfPpndiVPB

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\323CANON.EXE_WORM_VOBFUS.exe
    "C:\Users\Admin\AppData\Local\Temp\323CANON.EXE_WORM_VOBFUS.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Users\Admin\rfqieb.exe
      "C:\Users\Admin\rfqieb.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1808

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\rfqieb.exe

          Filesize

          300KB

          MD5

          3d2bfefedd9c6ca71478e529b119a2fd

          SHA1

          b5959f5110baa7690c5e9157689d5efb325d1a79

          SHA256

          8c996dae289fa90ad3113f16e4dfec553fe7ac94f1e59a5ce2bcc90f5be0e3e8

          SHA512

          a20fc03651c88bf14c190dcb483201cbbf7b4d018e74cd5eb8b4222b0a525a7406de554c5a6c2cde57d6b7f1e1dfd05dd0220230cdc5ce344eabeb44e00da7de