Analysis
max time kernel: 2s
max time network: 27s
platform: windows10-2004_x64
resource: win10v2004-en-20220113
submitted: 31-01-2022 13:41
Static task: static1
Behavioral task: behavioral1
Sample: new_po_098847excel.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: new_po_098847excel.exe
Resource: win10v2004-en-20220113
General
Target: new_po_098847excel.exe
Size: 608KB
MD5: 941bf5aee26ff5069ee30be727d3371b
SHA1: 1fd3ef2cd0294bd0c9d00d6221da50e3015111c3
SHA256: 0daa09469850448a4e784e04448e25ebd6e7bdc26d61e0017a3ae602025da1bb
SHA512: 01d47239d868d7075235fc6d91e2e987dc476b32923f729f74891ab219767a6eda5d2253e33be2e846f7f19ad42c495077d7641bd19652fffb081b73fc2a7a2d
Malware Config
Signatures
Loads dropped DLL (1 IoCs)
Processes:
pid 2804, process new_po_098847excel.exe
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
C:\Users\Admin\AppData\Local\Temp\nsd3A1A.tmp\utfnocnmrel.dll
MD5: 736fc3b69e117dd2cfd7858606362059
SHA1: 201e31025f33a5cafe699b53234268a2144782fb
SHA256: 76b9ab99218c413a774620ff0dded40a227f0aaadc7a3831464b22e346054533
SHA512: 1d07b2b06bfe06bb446160d03d97d4383bba583c3eec86ebbad87d3913b22168af495763d750e677612ec20803dacb3bd609c143b00ab54aafdf0f38c82928ca