Analysis
-
max time kernel
117s -
max time network
117s -
platform
windows7_x64 -
resource
win7-en-20211014 -
submitted
05-11-2021 13:38
Static task
static1
Behavioral task
behavioral1
Sample
NEW ORDER 2021.exe
Resource
win7-en-20211014
General
-
Target
NEW ORDER 2021.exe
-
Size
307KB
-
MD5
e6bd805df7bb8a90503c4b1f5784bd3c
-
SHA1
51d0e6942ca0732c5a3f2e2876d9216236bfc178
-
SHA256
dd07d6d24f528663fa5cb854c523d5ba2b096a9b3dc23b466cef94355f0cdec9
-
SHA512
f715ddcf9c169cbb2073f7e80afc151c09605717202da13b3eb40841077c2bbbbea4b996b13ca31abd1d6f38e89e583de9c1db7ad908ff5245299e95cc0625a5
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
Processes:
NEW ORDER 2021.exepid process 684 NEW ORDER 2021.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
\Users\Admin\AppData\Local\Temp\nsoF6D.tmp\qyspb.dllMD5
22a23f902e2e0860cf41e1534461282d
SHA1290d37c360cbcd823a43be36b92d84cd2e69f9fe
SHA2567038059f5e4caa6f5c64129f562cc7d406859c66bf5cee59025c0afc7ca80c66
SHA512ad766d2d8ca97e8703ee93a7a0557d32909c7014ae3f438a9327d9b204f099ca83a5831b797a425393711075f3a773c662b4e21e13e7051ad093f0cefab65df6
-
memory/684-55-0x0000000075D41000-0x0000000075D43000-memory.dmpFilesize
8KB