Analysis
max time kernel: 300s
max time network: 300s
platform: windows7_x64
resource: win7-en-20211014
submitted: 07-11-2021 14:09
Static task: static1
Behavioral task: behavioral1 (Sample: $10,500...payment.exe, Resource: win7-en-20211014)
Behavioral task: behavioral2 (Sample: $10,500...payment.exe, Resource: win10-en-20211104)
Behavioral task: behavioral3 (Sample: Microsoft offic-.exe, Resource: win7-en-20211014)
Behavioral task: behavioral4 (Sample: Microsoft offic-.exe, Resource: win10-en-20211104)
General
Target: $10,500...payment.exe
Size: 362KB
MD5: b4503d42c881483231526eb323664d09
SHA1: 9a8b487d92dd811108c6389d0a44b4a732950ccc
SHA256: bcdd4effb61279070652ca7ef77f7ffd5dfb9d8f59dfcea10795ea265e3eb22f
SHA512: 5d31d88a3165cb5d4613d3c2477b804c1c6473c203fa8ba2473aa4948f2d263316b7cdf493b36edc58719e24dd4cefd2e9aca4cc42f2cb2616b9bebb819a48fe
Malware Config
Signatures
Loads dropped DLL (1 IoCs)
Processes: $10,500...payment.exe (pid 1544)
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
Network
MITRE ATT&CK Enterprise v6
Downloads
\Users\Admin\AppData\Local\Temp\nso1843.tmp\glpmgxfxo.dll
MD5: 7649db26e2a2e4743a4aeb726eae1550
SHA1: 88d0213b224b39802699a39cba1044978cfc14a8
SHA256: 26c60ad098e1d2876db0ba32069930748b65cc89304cce4b0da5a07e1400c6ce
SHA512: 64129f6198c4fa8ae28ddf247a0e3b3e17d3165bff1929f324e4b98ea2831edf46306a3a971275c753bd75bc0a577825bad82a486bbec942a5c57bfdfbca80d5
memory/1544-55-0x0000000075BA1000-0x0000000075BA3000-memory.dmp
Filesize: 8KB