Analysis
- max time kernel: 397s
- max time network: 382s
- platform: windows7_x64
- resource: win7-en-20210920
- submitted: 24-09-2021 07:34
Static task: static1
Behavioral task: behavioral1
Sample: BERN210819.exe
Resource: win7-en-20210920
General
- Target: BERN210819.exe
- Size: 614KB
- MD5: 5bc6fa2221eed7444ea7d51dea3d1b4e
- SHA1: e7509c6facf6b09971739123aeacd555d9fb64b5
- SHA256: 8d20c36d499a614206967f9ffe68885a78aa2e7c718512a31b185bbaa529a4f6
- SHA512: b5d9efc7070a38d6d4dcbc015a931c6a5bc45356879abe118bf55b4f366533ca47fd94527c4e2ceb225ad3d2e34f0e7c4f7d59e1d0d4f18483dfcb9abab406d4
Malware Config
Signatures
- Loads dropped DLL (1 IoCs)
  Processes: pid 1540, process BERN210819.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- \Users\Admin\AppData\Local\Temp\nsg9DD5.tmp\xvrlmglvtnb.dll
  MD5: 02f8787fdc824f7c77ce36b099c49d3e
  SHA1: 0c2071220aeef55aac18c7046cfb0e3816ac35ef
  SHA256: efe3e128ae092ca256430703134726a18a1e033d17743699fafda97116b3aa0f
  SHA512: 78439a21655661d42371264ef202b0216737ca91128be80259a9f0d4dc868de17fe2c14c850136bf743f70e74badf381d147f119e8b1d491f2cf74dcdcd72f83
- memory/1540-53-0x0000000075A71000-0x0000000075A73000-memory.dmp
  Filesize: 8KB