Analysis
- max time kernel: 90s
- max time network: 154s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-11-2022 12:32
Static task: static1
Behavioral task: behavioral1
- Sample: Abrir - Comprovante_NF-03-10-2014.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: Abrir - Comprovante_NF-03-10-2014.exe
- Resource: win10v2004-20220812-en
General
- Target: Abrir - Comprovante_NF-03-10-2014.exe
- Size: 128KB
- MD5: d9879bbecd628e43f0ccb1589c6bd03c
- SHA1: dec6a0b0f4598d7e89649fba5c97dd2b337b0f45
- SHA256: 1f205d3375bbaf39598e1021f37dd7c03817753ce40d6d928efeb86a4c7096f2
- SHA512: 709b5f3e89667a4868db7c4c716e6ba1a477ce865e93cf3bcbb82144a9d577c73897b098dd2963c451424a9c014a73b45528f89987882a9e1735eeb9f937f499
- SSDEEP: 1536:b2cqxtPtH4zghkrP7yr5YA468osozmWQF1XOLVume9rPQaCU5j:b0xtPZ4Akr1ROI9kaCU5j
Malware Config
Signatures
- Loads dropped DLL (1 IoC)
  Processes: pid 4772, process Abrir - Comprovante_NF-03-10-2014.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of SetWindowsHookEx (1 IoC)
  Processes: pid 4772, process Abrir - Comprovante_NF-03-10-2014.exe
Processes
Network
MITRE ATT&CK Enterprise v6
Downloads
- C:\Users\Admin\AppData\Local\Temp\InstCheck.dll
  Filesize: 24KB
  MD5: 82e6f0d32f562ca5eac3dabc49f2f9c9
  SHA1: 61bed043bdc056426159b572c347a45aeb99abeb
  SHA256: 8212c03e7dafe28ec6bb909f59b87c3eb73b691fd2224e83ffdc5af5c55fe05a
  SHA512: 6d3e4e065025db23060c531b49a63161bbdc99c235a4583b83aec8b841b9ca2f6affcbcaf1e3959210f475307f714cc949e0015e6d3655ed65db49cdd57fcd9b