Analysis
max time kernel: 150s
max time network: 27s
platform: windows7_x64
resource: win7-en-20210920
submitted: 24-09-2021 10:41
Static task: static1
Behavioral task: behavioral1
Sample: BERN210819,pdf.exe
Resource: win7-en-20210920
General
Target: BERN210819,pdf.exe
Size: 616KB
MD5: 4e84e3537287ca732e9faae1ffa27c19
SHA1: 1a467e5038acc974d00cabcef9ecf068f12d0e37
SHA256: 88f0241ee02cce35f746e793e2c00fd9f7527e12493361d402d5dc0c770c2723
SHA512: aeec388a9b36b58c2453847c8d0ce43934b3e05f72b4addc15b0bcb40078a2c0f3b6fe4b3e30460e3d7fcb6c917d9aeb350ed767500052d35df1887958189f9a
Malware Config
Signatures
Loads dropped DLL (1 IoCs)
Processes:
BERN210819,pdf.exe: pid 1756, process BERN210819,pdf.exe
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
\Users\Admin\AppData\Local\Temp\nsgC265.tmp\ybgawykltm.dll
MD5: 7eb7bb72d35d47ce100611a5d9070bad
SHA1: 57932df2c7e6de5c2bf8f6d3aa11f830ff4840f5
SHA256: 73f5b73a7b02ab04cc15e4bd074ce4d38fa4ed77354f1a5937bd73bd5f48fb97
SHA512: 2ced82575e24c2eac3c7b079ecafc1ff1880df5594671a4ab76b0c447af487eaaa9675d911cf9e7001e11356556e6af2b15f03a2001d5a2dd5e0e40b5f40b10d
memory/1756-53-0x0000000076B61000-0x0000000076B63000-memory.dmp
Filesize: 8KB