Resubmissions

09-10-2023 22:49

231009-2rzp2sba27 10

30-03-2020 14:54

200330-hma22cptpa 10

Analysis

  • max time kernel
    226s
  • max time network
    109s
  • platform
    windows7_x64
  • resource
    win7v200217
  • submitted
    30-03-2020 14:54

General

  • Target

    Compito matematica.pdf.exe

  • Size

    606KB

  • MD5

    4e890ba5a4f6fd63727c0005daa654dd

  • SHA1

    e9ade30c93942c3f5928522552dd01eb25a9e9db

  • SHA256

    e1c7d34fc0138d018f9e947af3dac7ec4d0fe9751dd1bc4424b185a92ca4bc51

  • SHA512

    177badec70b21ed1b94a8a235535249c94b72e21fc62bae1e8c32e44b9495006687a2ef7545256ddaa2c167d870515de45e9aea524e3081135fa901532af6477

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run entry to start application 2 TTPs 1 IoCs
  • Jigsaw

    Ransomware family first created in 2016. Named based on wallpaper set after infection.

  • Drops file in Program Files directory 4868 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Compito matematica.pdf.exe
    "C:\Users\Admin\AppData\Local\Temp\Compito matematica.pdf.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    • Adds Run entry to start application
    PID:1836
    • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
      "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\Compito?matematica.pdf.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:1868

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads