BERN210819pdf.iso

General

Target:    BERN210819,pdf.exe
Filesize:  616KB
Completed: 24-09-2021 10:44
Score:     7/10
MD5:       4e84e3537287ca732e9faae1ffa27c19
SHA1:      1a467e5038acc974d00cabcef9ecf068f12d0e37
SHA256:    88f0241ee02cce35f746e793e2c00fd9f7527e12493361d402d5dc0c770c2723

Malware Config
Signatures (2)


Discovery
  • Loads dropped DLL
    BERN210819,pdf.exe

    Reported IOCs

    PID   Process
    1756  BERN210819,pdf.exe
  • Enumerates physical storage devices

    Description

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
    Treat the ransomware tag as weak evidence on its own: enumerating drives is also routine for installers and for sandbox/VM detection checks, and no file-encryption or Impact-tactic signature was reported for this run.

    TTPs

    System Information Discovery
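The two findings above are the sandbox's own signature output; the script below is an added example (not sandbox code) that replays the same logic over constructed Sysmon-style events so the check can be reproduced in a SIEM: the "Loads dropped DLL" rule (a process loads a DLL that was written earlier in the same session), a narrower triage filter for the ns????.tmp directory that the Downloads list shows the DLL was loaded from, and a name check for the ",pdf.exe" document lure used by the target. The event dicts, field names, the NSIS_TEMP_DIR and DOUBLE_EXT_LURE patterns and the benign contrast process are this example's assumptions; only the paths and PID come from the report.

```python
"""Added example (not sandbox code): replays two checks from the report over
constructed Sysmon-style events -- the "Loads dropped DLL" signature and a
triage filter for the ns????.tmp plugin directory seen in the Downloads list.
Event dicts, field names and the regex patterns are this example's own
assumptions; the paths and PID are taken from the report."""
import re

# Constructed events in session order, modelled on the report: PID 1756 starts
# from %TEMP%, writes a DLL into an ns????.tmp subdirectory, then loads it.
SAMPLE_EVENTS = [
    {"id": 1, "pid": 1756,
     "image": r"C:\Users\Admin\AppData\Local\Temp\BERN210819,pdf.exe"},
    {"id": 11, "pid": 1756,
     "target": r"C:\Users\Admin\AppData\Local\Temp\nsgC265.tmp\ybgawykltm.dll"},
    {"id": 7, "pid": 1756, "loaded": r"C:\Windows\System32\kernel32.dll"},
    {"id": 7, "pid": 1756,
     "loaded": r"C:\Users\Admin\AppData\Local\Temp\nsgC265.tmp\ybgawykltm.dll"},
    # A second, benign process for contrast: loads only pre-existing system DLLs.
    {"id": 1, "pid": 2000, "image": r"C:\Windows\explorer.exe"},
    {"id": 7, "pid": 2000, "loaded": r"C:\Windows\System32\shell32.dll"},
]

# Assumed pattern for an NSIS plugin directory: GetTempFileName with a three
# character "ns?" prefix yields ns + letter + up to four hex digits + ".tmp".
NSIS_TEMP_DIR = re.compile(r"\\Temp\\ns[a-z][0-9a-f]{1,4}\.tmp\\", re.IGNORECASE)

# Lure filenames that imitate a document extension before the real .exe
# (the report's target "BERN210819,pdf.exe" uses a comma instead of a dot).
DOUBLE_EXT_LURE = re.compile(r"[.,_ -](pdf|docx?|xlsx?|jpe?g|png|txt)\.exe$",
                             re.IGNORECASE)


def loads_dropped_dll(events):
    """Sandbox-style signature: a process loads a DLL that was created earlier
    in the same session (by any process). Returns (pid, image, dll) hits."""
    dropped = set()       # lower-cased paths of DLLs written during the session
    images = {}           # pid -> image path, from process-create events
    hits = []
    for ev in events:
        if ev["id"] == 1:
            images[ev["pid"]] = ev["image"]
        elif ev["id"] == 11 and ev["target"].lower().endswith(".dll"):
            dropped.add(ev["target"].lower())
        elif ev["id"] == 7 and ev["loaded"].lower() in dropped:
            hits.append((ev["pid"], images.get(ev["pid"], "?"), ev["loaded"]))
    return hits


def nsis_plugin_loads(events):
    """Narrower triage filter: image loads out of an ns????.tmp directory under
    Temp, which is where NSIS extracts plugin DLLs before calling them."""
    return [(ev["pid"], ev["loaded"]) for ev in events
            if ev["id"] == 7 and NSIS_TEMP_DIR.search(ev["loaded"])]


def is_double_extension_lure(filename):
    """True when the name ends in a document-looking token followed by .exe."""
    return DOUBLE_EXT_LURE.search(filename) is not None


if __name__ == "__main__":
    for hit in loads_dropped_dll(SAMPLE_EVENTS):
        print("loads dropped DLL:", hit)
    for hit in nsis_plugin_loads(SAMPLE_EVENTS):
        print("NSIS plugin dir load:", hit)
    print("lure name:", is_double_extension_lure("BERN210819,pdf.exe"))
```

The ordering requirement in loads_dropped_dll matters: the file-create event must precede the image-load event, which is how the sandbox distinguishes a DLL the sample brought with it from one that was already on disk. The nsis_plugin_loads filter fires on any load from that directory and so also matches legitimate NSIS installers; it is a triage pivot, not a verdict.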
Processes (1)
  • C:\Users\Admin\AppData\Local\Temp\BERN210819,pdf.exe (PID 1756)
    Command line: "C:\Users\Admin\AppData\Local\Temp\BERN210819,pdf.exe"
    Signatures: Loads dropped DLL
Network
MITRE ATT&CK Matrix
  • Discovery: System Information Discovery
  • No techniques mapped under Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence or Privilege Escalation
Downloads
  • \Users\Admin\AppData\Local\Temp\nsgC265.tmp\ybgawykltm.dll (dropped DLL)
    MD5:    7eb7bb72d35d47ce100611a5d9070bad
    SHA1:   57932df2c7e6de5c2bf8f6d3aa11f830ff4840f5
    SHA256: 73f5b73a7b02ab04cc15e4bd074ce4d38fa4ed77354f1a5937bd73bd5f48fb97
    SHA512: 2ced82575e24c2eac3c7b079ecafc1ff1880df5594671a4ab76b0c447af487eaaa9675d911cf9e7001e11356556e6af2b15f03a2001d5a2dd5e0e40b5f40b10d
    The ns????.tmp directory name is the pattern NSIS installers use when extracting plugin DLLs, so this is consistent with an NSIS-packaged sample; that is an inference from the path, not a sandbox finding.
  • memory/1756-53-0x0000000076B61000-0x0000000076B63000-memory.dmp (memory dump of PID 1756, region 0x76B61000-0x76B63000)