Analysis
-
max time kernel
42s -
max time network
45s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system -
submitted
23-09-2022 06:20
Static task
static1
Behavioral task
behavioral1
Sample
FATURA_013_1731pdf.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
FATURA_013_1731pdf.exe
Resource
win10v2004-20220812-en
General
-
Target
FATURA_013_1731pdf.exe
-
Size
313KB
-
MD5
382b984e3a091199d778f56ed7faf0d4
-
SHA1
33d56b2f918129b17f15a186994bd9092a50ea9f
-
SHA256
398a3ecbe96e1b4d131f6d367e36aac8e42a89c0f3ddf075fb28f5c6f3921cea
-
SHA512
23dcb35187fbcec620697ea720ee315b29f0a55256f0b51c03379074d783da8b5055e9263835060ddea9c09056725f8bcdb947cde112554f62472cc4b0b6ac24
-
SSDEEP
3072:nFYTUnLKvaVwYzI5PesvjhheNiB+ff0jMWDxLzW8a0TGZidy0OVrmC27PJutTZn:F1kal0PZVheNA+ff039W1xLhVrmPjJOd
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
Processes:
FATURA_013_1731pdf.exe
pid 1948, process FATURA_013_1731pdf.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
-
\Users\Admin\AppData\Local\Temp\nsiF1F.tmp\System.dll
Filesize
11KB
MD5
7399323923e3946fe9140132ac388132
SHA1
728257d06c452449b1241769b459f091aabcffc5
SHA256
5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3
SHA512
d6f28ba761351f374ae007c780be27758aea7b9f998e2a88a542eede459d18700adffe71abcb52b8a8c00695efb7ccc280175b5eeb57ca9a645542edfabb64f1
-
memory/1948-54-0x0000000075F51000-0x0000000075F53000-memory.dmp
Filesize
8KB
-
memory/1948-56-0x00000000036D0000-0x000000000382C000-memory.dmp
Filesize
1.4MB