Analysis
-
max time kernel
73s -
max time network
23s -
platform
windows7_x64 -
resource
win7-en-20210920 -
submitted
25-09-2021 05:04
Static task
static1
Behavioral task
behavioral1
Sample
Orde.exe
Resource
win7-en-20210920
General
-
Target
Orde.exe
-
Size
253KB
-
MD5
3bb9e36eafb639d7e69659d549de50d2
-
SHA1
980383664a8dafa46990f23180330f5c805a14ce
-
SHA256
22a12f1f1043bd45a4579e40fded8f79fe405142c3306636480e13038ba59552
-
SHA512
01e5e3c8f22b7a8a3268ac5a082ea0ccb199a19d9a823652b74f4b1fa49ff17163542ed9b524261d24d70e3d585a3cd5e111d103ac81c697d6a5de442bf2c519
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
Processes:
Orde.exe
pid process
1232 Orde.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
Network
MITRE ATT&CK Enterprise v6
Downloads
-
\Users\Admin\AppData\Local\Temp\nsbCDDA.tmp\qvkuo.dll
MD5
1e8f9c520d8141741f2f31574995ff38
SHA1
47731ec3c9cf825adeb6ce96dd6700c999d5d2eb
SHA256
60617bf81679eb269ae5c43827926af9b0f59bee9dfaae0cf3e675f68c49558b
SHA512
d22f85874cbca25f7e6bcf2a32ddcf67b5c01536a063c395011dcabf78e09d37a3cf5669fbf9325e1d2c52835b266746267ac65fa32f4a81d195363c34791655
-
memory/1232-54-0x0000000074F81000-0x0000000074F83000-memory.dmp
Filesize
8KB