Analysis
-
max time kernel
4264951s -
max time network
21s -
platform
windows10-2004_x64 -
resource
win10v2004-en-20220113 -
submitted
14-01-2022 16:27
General
-
Target
Cotizaciónpdf.exe
-
Size
245KB
-
MD5
3fe29e21698212a70e03144bb4979632
-
SHA1
b400de247096542b778aa7ed7584f6829b5bbf4e
-
SHA256
c42005e0a00c3ecbaff6c1189ca8b6f1298a818878ceaebb623585c399c8ba81
-
SHA512
a37080b42f317bcaf288acc2ede4fd178bf8227a6f0650b61378e829458fb26808f6fb64250e32bb737f583ddb75264c1fde488e31ceb57d7890005f04ab723d
Score
7/10
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Cotizaciónpdf.exe"C:\Users\Admin\AppData\Local\Temp\Cotizaciónpdf.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Cotizaciónpdf.exe"C:\Users\Admin\AppData\Local\Temp\Cotizaciónpdf.exe"2⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\nsh7ADB.tmp\tjbqk.dllMD5
eed28d9a6df23d102eb1e7db08e9b8a8
SHA1b1ea3474da51812f436c0d65178aaee00c916628
SHA2562107ef7267ead9add2cbd586f121a505dcc92db08f9e61d6e2ccca056d4deed5
SHA5128b133190af32cf0b5c0c5e1b93d84c3ae1a9494ebd0419cd911784804e74232fa15ad4f6d787e897af05e90dd2801772c03dea1282ded7921af25eb0fbe353ab
-
memory/3536-131-0x0000000000000000-mapping.dmp
-
memory/3536-132-0x0000000000400000-0x00000000004A2000-memory.dmpFilesize
648KB