81be2b6a4673dcae9823b1235f4370471a2cdbb48ad7cad14926b09ce0e3e488

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-09-2022 06:20

Target

FATURA_013_1731pdf.exe
Size

313KB
MD5

382b984e3a091199d778f56ed7faf0d4
SHA1

33d56b2f918129b17f15a186994bd9092a50ea9f
SHA256

398a3ecbe96e1b4d131f6d367e36aac8e42a89c0f3ddf075fb28f5c6f3921cea
SHA512

23dcb35187fbcec620697ea720ee315b29f0a55256f0b51c03379074d783da8b5055e9263835060ddea9c09056725f8bcdb947cde112554f62472cc4b0b6ac24
SSDEEP

3072:nFYTUnLKvaVwYzI5PesvjhheNiB+ff0jMWDxLzW8a0TGZidy0OVrmC27PJutTZn:F1kal0PZVheNA+ff039W1xLhVrmPjJOd

Score

7^/10

Loads dropped DLL 1 IoCs

Processes:

FATURA_013_1731pdf.exe

pid process

1948 FATURA_013_1731pdf.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
1948	FATURA_013_1731pdf.exe

C:\Users\Admin\AppData\Local\Temp\FATURA_013_1731pdf.exe
"C:\Users\Admin\AppData\Local\Temp\FATURA_013_1731pdf.exe"
1⤵
- Loads dropped DLL
PID:1948

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

\Users\Admin\AppData\Local\Temp\nsiF1F.tmp\System.dll
Filesize
11KB

MD5
7399323923e3946fe9140132ac388132

SHA1
728257d06c452449b1241769b459f091aabcffc5

SHA256
5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3

SHA512
d6f28ba761351f374ae007c780be27758aea7b9f998e2a88a542eede459d18700adffe71abcb52b8a8c00695efb7ccc280175b5eeb57ca9a645542edfabb64f1

Download Submit
memory/1948-54-0x0000000075F51000-0x0000000075F53000-memory.dmp

Filesize
8KB

Download
memory/1948-56-0x00000000036D0000-0x000000000382C000-memory.dmp

Filesize
1.4MB

Download