16e30f56cbf8e2589921e72f91f38f5a58dc34f08cbbee9a8f30a1217bad7d9c

Analysis

max time kernel
91s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
18-10-2022 13:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Justificante de Transferencia.exe
Size

676KB
MD5

c7c3c92c0fe1327364cec3b07a2ea67b
SHA1

b6ae46a2eeb1f358dd002c079e94535c6a90f06a
SHA256

16e30f56cbf8e2589921e72f91f38f5a58dc34f08cbbee9a8f30a1217bad7d9c
SHA512

d1abb90f5ba7bc7d5941800aecc0420cadd813e60e8a9bcadff434eda7a7dc0690b29a99b84b1f84544a914485bdff006c07b71a6cdb80885cdaed9105737c91
SSDEEP

12288:vGqOASmlww9hVnMXuKQd0j7Mkqyspq8/DcioEXI5j0Kkmd:eqOASmlww9hVnxvd0vPqf7FfXIlPd

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
4960	Justificante de Transferencia.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Bagtrops\Energiproduktions99\Cykelstyrstaske218.Mah	Justificante de Transferencia.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\Justificante de Transferencia.exe
"C:\Users\Admin\AppData\Local\Temp\Justificante de Transferencia.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
PID:4960

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsoC559.tmp\System.dll

Filesize
11KB

MD5
ca332bb753b0775d5e806e236ddcec55

SHA1
f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f

SHA256
df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d

SHA512
2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00

Download Submit
memory/4960-133-0x0000000004570000-0x0000000004671000-memory.dmp

Filesize
1.0MB

Download
memory/4960-134-0x0000000004570000-0x0000000004671000-memory.dmp

Filesize
1.0MB

Download