Analysis

  • max time kernel
    150s
  • max time network
    27s
  • platform
    windows7_x64
  • resource
    win7-en-20210920
  • submitted
    24-09-2021 10:41

General

  • Target

    BERN210819,pdf.exe

  • Size

    616KB

  • MD5

    4e84e3537287ca732e9faae1ffa27c19

  • SHA1

    1a467e5038acc974d00cabcef9ecf068f12d0e37

  • SHA256

    88f0241ee02cce35f746e793e2c00fd9f7527e12493361d402d5dc0c770c2723

  • SHA512

    aeec388a9b36b58c2453847c8d0ce43934b3e05f72b4addc15b0bcb40078a2c0f3b6fe4b3e30460e3d7fcb6c917d9aeb350ed767500052d35df1887958189f9a

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\BERN210819,pdf.exe
    "C:\Users\Admin\AppData\Local\Temp\BERN210819,pdf.exe"
    • Loads dropped DLL
    PID:1756

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery
    System Information Discovery
    T1082
    1

Downloads

  • \Users\Admin\AppData\Local\Temp\nsgC265.tmp\ybgawykltm.dll
    MD5

    7eb7bb72d35d47ce100611a5d9070bad

    SHA1

    57932df2c7e6de5c2bf8f6d3aa11f830ff4840f5

    SHA256

    73f5b73a7b02ab04cc15e4bd074ce4d38fa4ed77354f1a5937bd73bd5f48fb97

    SHA512

    2ced82575e24c2eac3c7b079ecafc1ff1880df5594671a4ab76b0c447af487eaaa9675d911cf9e7001e11356556e6af2b15f03a2001d5a2dd5e0e40b5f40b10d

  • memory/1756-53-0x0000000076B61000-0x0000000076B63000-memory.dmp
    Filesize

    8KB