d0d523bb3e44390067122f5b4768ee44811c00f14a344dd70e71d4c2bcf4962d | Triage

Analysis

max time kernel
19s
max time network
25s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
07-02-2022 08:00

Sharing

Report Analysis Logs

General

Target

Order-9411574-pdf.exe
Size

249KB
MD5

58e91c804bf83bcb330d64d87bdd7abf
SHA1

9f00f81e64cbe3445a1f3f5f24976d736e8543ca
SHA256

d0d523bb3e44390067122f5b4768ee44811c00f14a344dd70e71d4c2bcf4962d
SHA512

aaf401d5f4a35325677ba978d170204d1305759c763b3d345d2817080cfb0707acb3703548f29db2c520faf3f2ba8835adeec435da59dfea1d3c03527f400ddb

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

Order-9411574-pdf.exe

pid process

3624 Order-9411574-pdf.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\Order-9411574-pdf.exe
"C:\Users\Admin\AppData\Local\Temp\Order-9411574-pdf.exe"
1⤵
- Loads dropped DLL
PID:3624

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsw9068.tmp\rgjrdod.dll
MD5
ad3bbea4e6415e4e6f83a2ec08335163

SHA1
46502c9542dcfdf95951eef320fef39490d11d98

SHA256
69fca02cde90fc973b6e4b158966598fbad391c117b94b9ed52315e770354a37

SHA512
00247d66d597515f238161a23759f78a4330d6410414a60fbf9cc2b0501c96d833ce4191cc72c6b6ee2902f14f809fd7b1f161a6f4b6516df0b0195b3e7c7c09

Download Submit