Overview

overview

8

Static

static

Apache_Ope...es.exe

windows7-x64

8

Apache_Ope...es.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    106s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/01/2023, 03:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Apache_OpenOffice_4.1.13_Win_x86_install_es.exe

  • Size

    125.6MB

  • MD5

    c9951f2d5caac8256213b82c2cb6ae6f

  • SHA1

    d76a5e24896606875ef89d12d4e3d90b3b6361e0

  • SHA256

    813d81ed71be50496fcf3fa21409bab06ad586950f5ac47530045bed5f94883d

  • SHA512

    f28bca5b9830432ba563a6a6ed46cdfe0eb284198ae007f969367d586758f50f2439c366939be5dabd863d35d4bc8d75bbedd25cbc6e3cbce47f87317d46a9de

  • SSDEEP

    3145728:c8BRTVKFlYz8BFu4XhGr9gLoLgsoY/F97FpdIoIRCmGL3Fmqm:fBx6P5ohgLe/F9h3ERCl3st

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Apache_OpenOffice_4.1.13_Win_x86_install_es.exe
    "C:\Users\Admin\AppData\Local\Temp\Apache_OpenOffice_4.1.13_Win_x86_install_es.exe"
    1⤵
    • Loads dropped DLL
    PID:4780

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nsbFEC8.tmp\InstallOptions.dll
          Filesize

          15KB

          MD5

          ece25721125d55aa26cdfe019c871476

          SHA1

          b87685ae482553823bf95e73e790de48dc0c11ba

          SHA256

          c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf

          SHA512

          4e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsbFEC8.tmp\InstallOptions.dll
          Filesize

          15KB

          MD5

          ece25721125d55aa26cdfe019c871476

          SHA1

          b87685ae482553823bf95e73e790de48dc0c11ba

          SHA256

          c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf

          SHA512

          4e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480

          Download Submit