General
Target
Purchase-Order-PO-85607CH-Quote,pdf.exe
Size
987KB
Sample
210122-2vxc4cszwa
MD5
da8bed719f41dabe788d0f930be0f6d5
SHA1
54c8b6dccdc20bf95b7a882f581d7c7e83899ff7
SHA256
c5e1093d78068e1e2290648c84b7b321d0d36c818f337dab7405732265a42ff5
SHA512
60debb7f16f5298612a6c8007c8c8d8f34846ca00191a3f67729835a09ed68b1b1642a590225d71c69030141e4028d1b7cc109491b64d73a755730f8d79dc8ce
Static task
static1
Behavioral task
behavioral1
Sample
Purchase-Order-PO-85607CH-Quote,pdf.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Purchase-Order-PO-85607CH-Quote,pdf.exe
Resource
win10v20201028
Malware Config
Targets
Target
Purchase-Order-PO-85607CH-Quote,pdf.exe
Score 5/10
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious use of SetThreadContext