Analysis

  • max time kernel
    90s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-11-2022 12:32

General

  • Target

    Abrir - Comprovante_NF-03-10-2014.exe

  • Size

    128KB

  • MD5

    d9879bbecd628e43f0ccb1589c6bd03c

  • SHA1

    dec6a0b0f4598d7e89649fba5c97dd2b337b0f45

  • SHA256

    1f205d3375bbaf39598e1021f37dd7c03817753ce40d6d928efeb86a4c7096f2

  • SHA512

    709b5f3e89667a4868db7c4c716e6ba1a477ce865e93cf3bcbb82144a9d577c73897b098dd2963c451424a9c014a73b45528f89987882a9e1735eeb9f937f499

  • SSDEEP

    1536:b2cqxtPtH4zghkrP7yr5YA468osozmWQF1XOLVume9rPQaCU5j:b0xtPZ4Akr1ROI9kaCU5j

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). The sandbox describes this as likely ransomware behaviour, but drive enumeration is also routine for installers and backup or update tools; on its own it is a weak indicator and should be read together with the dropped-DLL load and the SetWindowsHookEx use listed here.

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Abrir - Comprovante_NF-03-10-2014.exe
    "C:\Users\Admin\AppData\Local\Temp\Abrir - Comprovante_NF-03-10-2014.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:4772

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\InstCheck.dll
    Filesize

    24KB

    MD5

    82e6f0d32f562ca5eac3dabc49f2f9c9

    SHA1

    61bed043bdc056426159b572c347a45aeb99abeb

    SHA256

    8212c03e7dafe28ec6bb909f59b87c3eb73b691fd2224e83ffdc5af5c55fe05a

    SHA512

    6d3e4e065025db23060c531b49a63161bbdc99c235a4583b83aec8b841b9ca2f6affcbcaf1e3959210f475307f714cc949e0015e6d3655ed65db49cdd57fcd9b
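Turning the "Loads dropped DLL" signature and the InstCheck.dll hashes above into a hunt over endpoint telemetry, as an added example that is not part of the sandbox report. It assumes Sysmon ImageLoad (Event ID 7) records flattened to "Key: Value" lines separated by "---"; the event records are constructed for illustration (the all-zero hashes are placeholders), the field names follow Sysmon's Event ID 7 schema, and the IoC hashes and paths are the ones listed in this report.

```python
"""Hunt for a dropper loading its own DLL from %TEMP% in Sysmon Event ID 7 data.
Added example, not part of the sandbox report.  Assumes 'Key: Value' event
rendering and Sysmon field names; sample events below are constructed."""
import re
from typing import Dict, List, Tuple

# Hashes of the dropped InstCheck.dll, copied from the report's Downloads section.
IOC_DLL_HASHES = {
    "MD5": "82e6f0d32f562ca5eac3dabc49f2f9c9",
    "SHA1": "61bed043bdc056426159b572c347a45aeb99abeb",
    "SHA256": "8212c03e7dafe28ec6bb909f59b87c3eb73b691fd2224e83ffdc5af5c55fe05a",
}

# User-writable staging directories a legitimately installed DLL rarely lives in.
USER_WRITABLE = re.compile(
    r"^c:\\(users\\[^\\]+\\appdata\\local\\temp|users\\[^\\]+\\downloads|windows\\temp)\\",
    re.IGNORECASE,
)

# Constructed Sysmon Event ID 7 records.  The first mirrors the process tree and
# dropped file in the report; the other two are controls.  All-zero hashes are
# placeholders, not real digests.
SAMPLE_EVENTS = r"""
Image: C:\Users\Admin\AppData\Local\Temp\Abrir - Comprovante_NF-03-10-2014.exe
ProcessId: 4772
ImageLoaded: C:\Users\Admin\AppData\Local\Temp\InstCheck.dll
Hashes: MD5=82E6F0D32F562CA5EAC3DABC49F2F9C9,SHA256=8212C03E7DAFE28EC6BB909F59B87C3EB73B691FD2224E83FFDC5AF5C55FE05A
Signed: false
---
Image: C:\Users\Admin\AppData\Local\Temp\Abrir - Comprovante_NF-03-10-2014.exe
ProcessId: 4772
ImageLoaded: C:\Windows\System32\kernel32.dll
Hashes: MD5=00000000000000000000000000000000
Signed: true
---
Image: C:\Program Files\Example\updater.exe
ProcessId: 1234
ImageLoaded: C:\Users\Admin\AppData\Local\Temp\helper.dll
Hashes: MD5=00000000000000000000000000000000
Signed: false
"""


def parse_events(text: str) -> List[Dict[str, str]]:
    """Split the flattened export into one {field: value} dict per event."""
    events = []
    for chunk in text.split("---"):
        fields: Dict[str, str] = {}
        for line in chunk.strip().splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if fields:
            events.append(fields)
    return events


def parse_hashes(field: str) -> Dict[str, str]:
    """Turn Sysmon's 'MD5=..,SHA256=..' field into {ALGO: lowercase hex}."""
    digests = {}
    for part in field.split(","):
        algo, sep, value = part.partition("=")
        if sep:
            digests[algo.strip().upper()] = value.strip().lower()
    return digests


def evaluate(event: Dict[str, str]) -> List[str]:
    """Return the reasons an ImageLoad event is suspicious (empty if none)."""
    reasons = []
    loaded = event.get("ImageLoaded", "")
    digests = parse_hashes(event.get("Hashes", ""))
    # Rule 1: exact IoC match on any hash algorithm present in the event.
    if any(digests.get(algo) == digest for algo, digest in IOC_DLL_HASHES.items()):
        reasons.append("hash matches dropped InstCheck.dll")
    # Rule 2: unsigned DLL loaded from a user-writable directory.
    if USER_WRITABLE.match(loaded) and event.get("Signed", "").lower() != "true":
        reasons.append("unsigned DLL loaded from user-writable path")
    # Rule 3: loader and DLL both staged in a temp directory, i.e. a dropper
    # loading its own payload, which is what the sandbox signature describes.
    if USER_WRITABLE.match(event.get("Image", "")) and USER_WRITABLE.match(loaded):
        reasons.append("process and DLL both run from a temp directory")
    return reasons


def hunt(text: str) -> List[Tuple[int, str, List[str]]]:
    """Apply evaluate() to every event; return (pid, dll path, reasons) for hits."""
    hits = []
    for event in parse_events(text):
        reasons = evaluate(event)
        if reasons:
            hits.append((int(event.get("ProcessId", "0")), event.get("ImageLoaded", ""), reasons))
    return hits


if __name__ == "__main__":
    for pid, dll, reasons in hunt(SAMPLE_EVENTS):
        print(f"PID {pid}: {dll}")
        for reason in reasons:
            print(f"    - {reason}")
```

Rule 1 is the narrow, high-confidence match on this sample; rules 2 and 3 generalise the behaviour so a recompiled dropper with fresh hashes still surfaces. Sysmon needs an ImageLoad rule that covers user profile paths for these events to exist at all.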