Analysis
max time kernel: 100s
max time network: 138s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28-11-2022 03:13
Static task: static1 (1 signatures)
Behavioral task: behavioral1
  Sample: 2ªVia_Boleto_pendente fatura.pagamento.PDF.exe
  Resource: win7-20220901-en (windows7-x64)
  5 signatures, 150 seconds
General
Target: 2ªVia_Boleto_pendente fatura.pagamento.PDF.exe
Size: 929KB
MD5: a4755eadd56d1130931f6c7db3ec6e28
SHA1: 21aac5710e38f2b693f4343524cd5c4789500304
SHA256: aa9cf159f8ef806b37fd9ab7ff627c697f0c5daa9ded02379a7ccf97bc3931f3
SHA512: fe3ef3192a888d4d7c64ffe55654c211f79e4ca86c16f73c4484eb0e28f812dddf042ce0f214494d85b2c3f53a0fc8e809a368953c821630cac1246e6c981e29
SSDEEP: 12288:Htb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgazFSnRPpu6A:Htb20pkaCqT5TBWgNQ7az8nJpu6A
Malware Config
Signatures
Processes:
  description: Set value (int)
  ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"
  process: 2ªVia_Boleto_pendente fatura.pagamento.PDF.exe
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
NTFS ADS (1 IoCs)
Processes:
  description: File opened for modification
  ioc: C:\Users\Admin\AppData\Local\Temp\winmgmts:\localhost\root\cimv2
  process: 2ªVia_Boleto_pendente fatura.pagamento.PDF.exe
System policy modification (1 TTPs, 2 IoCs)
Processes:
  description: Key created
  ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
  process: 2ªVia_Boleto_pendente fatura.pagamento.PDF.exe

  description: Set value (int)
  ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"
  process: 2ªVia_Boleto_pendente fatura.pagamento.PDF.exe