Analysis

  • max time kernel
    397s
  • max time network
    382s
  • platform
    windows7_x64
  • resource
    win7-en-20210920
  • submitted
    24-09-2021 07:34

General

  • Target

    BERN210819.exe

  • Size

    614KB

  • MD5

    5bc6fa2221eed7444ea7d51dea3d1b4e

  • SHA1

    e7509c6facf6b09971739123aeacd555d9fb64b5

  • SHA256

    8d20c36d499a614206967f9ffe68885a78aa2e7c718512a31b185bbaa529a4f6

  • SHA512

    b5d9efc7070a38d6d4dcbc015a931c6a5bc45356879abe118bf55b4f366533ca47fd94527c4e2ceb225ad3d2e34f0e7c4f7d59e1d0d4f18483dfcb9abab406d4

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\BERN210819.exe
    "C:\Users\Admin\AppData\Local\Temp\BERN210819.exe"
    • Loads dropped DLL
    PID:1540

Network

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

1
T1082

Downloads

  • \Users\Admin\AppData\Local\Temp\nsg9DD5.tmp\xvrlmglvtnb.dll
    MD5

    02f8787fdc824f7c77ce36b099c49d3e

    SHA1

    0c2071220aeef55aac18c7046cfb0e3816ac35ef

    SHA256

    efe3e128ae092ca256430703134726a18a1e033d17743699fafda97116b3aa0f

    SHA512

    78439a21655661d42371264ef202b0216737ca91128be80259a9f0d4dc868de17fe2c14c850136bf743f70e74badf381d147f119e8b1d491f2cf74dcdcd72f83

  • memory/1540-53-0x0000000075A71000-0x0000000075A73000-memory.dmp
    Filesize

    8KB