Overview

overview

10

Static

static

1

NEW PURCHA...DF.exe

windows7-x64

8

NEW PURCHA...DF.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    13s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    28-11-2022 10:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEW PURCHASE ORDER_PDF.exe

  • Size

    694KB

  • MD5

    cd2b13a269e4c6a8838a2fc606569368

  • SHA1

    afcabd48a8d7ae1fa1087c352b4c4418a40096da

  • SHA256

    4fe14578d232d798a8aa4564ac8721be8d05b85ea32e7a85f97de0f34abcff7e

  • SHA512

    c41a582d09e07b2a8004622892ceaa378965f03163d1a6a26551ee7df19af055d0eb78b2b77dad484ca2d266a6ac7162b0c75852d056ebe27734d69e1fdba11b

  • SSDEEP

    6144:7Bn1pkNz07AFqV5/kcbVJloA/NpZbFjOKMvMi7su/zmXF874Ns:P5/bZJTpiKMkKsunES

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEW PURCHASE ORDER_PDF.exe
    "C:\Users\Admin\AppData\Local\Temp\NEW PURCHASE ORDER_PDF.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Users\Admin\AppData\Local\Temp\gpouag.exe
      "C:\Users\Admin\AppData\Local\Temp\gpouag.exe" C:\Users\Admin\AppData\Local\Temp\zorka.ir
      2⤵
      • Executes dropped EXE
      PID:952

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\gpouag.exe
    Filesize

    122KB

    MD5

    5be29d100860158694ee768e1855ac46

    SHA1

    9d28cc2f924c023bd1df48e55de91f5e072882ed

    SHA256

    74799a8a7a9781b454cfa3cb4db22e4688caae93ab3377c11c5102cc75a06ce1

    SHA512

    803db43f9e38d8d699912400de15578bcd47d0da6884a0662668ebf4fa096aae9acf846fa02009f3694e1803f148d9532a775a501604489057c8df700dfb8fa7

    Download Submit
  • \Users\Admin\AppData\Local\Temp\gpouag.exe
    Filesize

    122KB

    MD5

    5be29d100860158694ee768e1855ac46

    SHA1

    9d28cc2f924c023bd1df48e55de91f5e072882ed

    SHA256

    74799a8a7a9781b454cfa3cb4db22e4688caae93ab3377c11c5102cc75a06ce1

    SHA512

    803db43f9e38d8d699912400de15578bcd47d0da6884a0662668ebf4fa096aae9acf846fa02009f3694e1803f148d9532a775a501604489057c8df700dfb8fa7

    Download Submit
  • memory/952-56-0x0000000000000000-mapping.dmp
    Download
  • memory/2040-54-0x00000000753F1000-0x00000000753F3000-memory.dmp
    Filesize

    8KB

    Download