Analysis

  • max time kernel
    300s
  • max time network
    300s
  • platform
    windows7_x64
  • resource
    win7-en-20211014
  • submitted
    07-11-2021 14:09

General

  • Target

    $10,500...payment.exe

  • Size

    362KB

  • MD5

    b4503d42c881483231526eb323664d09

  • SHA1

    9a8b487d92dd811108c6389d0a44b4a732950ccc

  • SHA256

    bcdd4effb61279070652ca7ef77f7ffd5dfb9d8f59dfcea10795ea265e3eb22f

  • SHA512

    5d31d88a3165cb5d4613d3c2477b804c1c6473c203fa8ba2473aa4948f2d263316b7cdf493b36edc58719e24dd4cefd2e9aca4cc42f2cb2616b9bebb819a48fe

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\$10,500...payment.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\$10,500...payment.exe"
    PID: 1544
    • Loads dropped DLL

Network

MITRE ATT&CK Enterprise v6

Downloads

  • \Users\Admin\AppData\Local\Temp\nso1843.tmp\glpmgxfxo.dll
    MD5

    7649db26e2a2e4743a4aeb726eae1550

    SHA1

    88d0213b224b39802699a39cba1044978cfc14a8

    SHA256

    26c60ad098e1d2876db0ba32069930748b65cc89304cce4b0da5a07e1400c6ce

    SHA512

    64129f6198c4fa8ae28ddf247a0e3b3e17d3165bff1929f324e4b98ea2831edf46306a3a971275c753bd75bc0a577825bad82a486bbec942a5c57bfdfbca80d5

  • memory/1544-55-0x0000000075BA1000-0x0000000075BA3000-memory.dmp
    Filesize

    8KB