d9461e44f7e733f57fe3b98291531b4e506978b8a511d265c95d1d7715b3159b

Analysis

Target

Orden specifications_pdf.exe
Size

253KB
MD5

c95fe63506ee881dc52a785afa1afd59
SHA1

f82a362e2b732f8d7ce36b5ec23ccb4d52eac15d
SHA256

cb1140dd7751382a2d56c59755a2ff38b239805148af2d108cf4f1399ca0f753
SHA512

9fc1103f862c728a107ea9d0b83026e3d400c323bcccd25b548eaa73a2a0d329d05ce8da6bb81439109a8189a08a826e241cfe251e3010b6da631dad4793ec40

Score

7^/10

Loads dropped DLL 1 IoCs

Processes:

Orden specifications_pdf.exe

pid process

528 Orden specifications_pdf.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
528	Orden specifications_pdf.exe

C:\Users\Admin\AppData\Local\Temp\Orden specifications_pdf.exe
"C:\Users\Admin\AppData\Local\Temp\Orden specifications_pdf.exe"
1⤵
- Loads dropped DLL
PID:528

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

\Users\Admin\AppData\Local\Temp\nsg4E4F.tmp\wkpy.dll

MD5
8f789a523145181f5d8db581d2335a6c

SHA1
8ccdb3de7cd8cca62f479a70669bfd1355a33cc5

SHA256
3fee841d37b1d765888c03ff08c2c6f68ce3a6192106d7f71bd33324501a42ba

SHA512
19958e41d0a3d4b2dc398297b144853db1bb0fc90a3f3cad03168c8dc49f6f58cafd420c502f2be8b51396d8b1271541e20fcb29b5400c2ec2d755dbb0baf6b8

Download Submit
memory/528-59-0x0000000075FF1000-0x0000000075FF3000-memory.dmp

Filesize
8KB

Download