Overview

overview

5

Static

static

Purchase-O...df.exe

windows7_x64

5

Purchase-O...df.exe

windows10_x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Purchase-Order-PO-85607CH-Quote,pdf.exePurchase-Order-PO-85607CH-Quote,pdf.exe

  • Size

    987KB

  • Sample

    210122-2vxc4cszwa

  • MD5

    da8bed719f41dabe788d0f930be0f6d5

  • SHA1

    54c8b6dccdc20bf95b7a882f581d7c7e83899ff7

  • SHA256

    c5e1093d78068e1e2290648c84b7b321d0d36c818f337dab7405732265a42ff5

  • SHA512

    60debb7f16f5298612a6c8007c8c8d8f34846ca00191a3f67729835a09ed68b1b1642a590225d71c69030141e4028d1b7cc109491b64d73a755730f8d79dc8ce

Score
5/10
ransomware

Malware Config

Targets

    • Target

      Purchase-Order-PO-85607CH-Quote,pdf.exePurchase-Order-PO-85607CH-Quote,pdf.exe

    • Size

      987KB

    • MD5

      da8bed719f41dabe788d0f930be0f6d5

    • SHA1

      54c8b6dccdc20bf95b7a882f581d7c7e83899ff7

    • SHA256

      c5e1093d78068e1e2290648c84b7b321d0d36c818f337dab7405732265a42ff5

    • SHA512

      60debb7f16f5298612a6c8007c8c8d8f34846ca00191a3f67729835a09ed68b1b1642a590225d71c69030141e4028d1b7cc109491b64d73a755730f8d79dc8ce

    Score
    5/10
    ransomware

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

      ransomware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks