Analysis

  • max time kernel: 24s
  • max time network: 17s
  • platform: windows10-2004_x64
  • resource: win10v2004-20220812-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 19/10/2022, 14:22

General

  • Target: SOLICITUD DE OFERTA.exe
  • Size: 411KB
  • MD5: 2c42280065c4b3867b6a05a775df165c
  • SHA1: e8499c5ffb03beed273d3ef568d2e4b18ced5c78
  • SHA256: 13d90b21a225ff66b005c2f0d70f33bf76e7108f37e383875c814a4cd245b3b4
  • SHA512: 8f212bc320f6401489d5870f71a0808f3e6c1d7deefd9020dc8d22e900c83ffc2ec2444e953f961cf9dc5fa232aa5bd6a4b19ae3ad9e0171e088d7f5591b1cff
  • SSDEEP: 12288:Agv+XUDfKt2aTbeLludgriTtBTbzA04OiEN/+MLa:Yt1/eLlQxRBXzn45E5C

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SOLICITUD DE OFERTA.exe (depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\SOLICITUD DE OFERTA.exe"
    PID: 3228
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\cmd.exe (depth 2, child of PID 3228)
      Command line: cmd /c echo C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Uindfriedes126\Indtrdelsens178\Overdiffusing.Geo
      PID: 3856

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nszC76D.tmp\System.dll
    Filesize: 11KB
    MD5: fc3772787eb239ef4d0399680dcc4343
    SHA1: db2fa99ec967178cd8057a14a428a8439a961a73
    SHA256: 9b93c61c9d63ef8ec80892cc0e4a0877966dca9b0c3eb85555cebd2ddf4d6eed
    SHA512: 79e491ca4591a5da70116114b7fbb66ee15a0532386035e980c9dfe7afb59b1f9d9c758891e25bfb45c36b07afd3e171bac37a86c887387ef0e80b1eaf296c89

  • C:\Users\Admin\AppData\Local\Temp\nszC76D.tmp\nsExec.dll
    Filesize: 6KB
    MD5: 1b76bca7bef0f515d39f31e3c084f31d
    SHA1: 92705562f13db5967e66624286f8291477b7b217
    SHA256: 80b76b73d2d143b5db4e2d2e24438a68647ae96ac37289415c1caef5c2ed63d3
    SHA512: eab2b02b4bdd421e9f4c8bc3ed42b2ff66cc1a2a7ce93a7fe0174bc92e55a6fbc51c0ea65070603208ffb54330cf3e772db5cc1a6c410efa52697e5f5bcc292d

  • memory/3228-135-0x0000000003270000-0x0000000003371000-memory.dmp
    Filesize: 1.0MB

  • memory/3228-136-0x0000000003270000-0x0000000003371000-memory.dmp
    Filesize: 1.0MB