Analysis
- max time kernel: 145s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03-02-2023 08:15
Static task: static1
Behavioral task: behavioral1
- Sample: New Order JulyAugustt64756656565656565665657575775757565656656475655.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2 (the run reported on this page)
- Sample: New Order JulyAugustt64756656565656565665657575775757565656656475655.exe
- Resource: win10v2004-20220812-en
General
- Target: New Order JulyAugustt64756656565656565665657575775757565656656475655.exe
- Size: 540KB
- MD5: 84f6339907ba606ab1afde33338fe8d8
- SHA1: a27c6980b95bb679baaab9ad969835c0f71a780d
- SHA256: bcdb274451f48730b2bacbde5d8b679ec9c7446c630aecd513f3c27fad909b90
- SHA512: 7b794a091a20791f3715e1baa9d267ff3bf3f31eb459956d75f60af7f4000d06e073317e4bc8198f88c9a2f68dba658140941345b520f93d80c7de9dcb835a45
- SSDEEP: 12288:yq9fUwfzbkVa8UTdi3aclAwxrcTW3dFD4kLUHzrB:D9swbsXUZHwhWW3dWTHX
Malware Config
Signatures
- Guloader, Cloudeye
  A shellcode-based downloader first seen in 2020.
- Loads dropped DLL (2 IoCs)
  Processes:
  pid   process
  2564  New Order JulyAugustt64756656565656565665657575775757565656656475655.exe
  2564  New Order JulyAugustt64756656565656565665657575775757565656656475655.exe
- Drops file in Program Files directory (1 IoC)
  Processes:
  description                  ioc                                       process
  File opened for modification  C:\Program Files (x86)\Barometrisk.Lan   New Order JulyAugustt64756656565656565665657575775757565656656475655.exe
- Drops file in Windows directory (3 IoCs)
  Processes:
  description                  ioc                                                              process
  File created                  C:\Windows\resources\0409\Speared\Leukocidic.lnk                New Order JulyAugustt64756656565656565665657575775757565656656475655.exe
  File opened for modification  C:\Windows\Vatikanstat\Moritzs\Lockups.Pag98                    New Order JulyAugustt64756656565656565665657575775757565656656475655.exe
  File opened for modification  C:\Windows\Fonts\Grkerens170\Boretaarn\Plutarchy\Remnant.Ran    New Order JulyAugustt64756656565656565665657575775757565656656475655.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s). The sandbox attaches the generic note "likely ransomware behaviour" to this signature, but the sample is classified above as GuLoader, a downloader; drive enumeration by itself is not evidence of encryption activity, and no file-encryption or ransom-note IoCs appear in this report.
Processes
- C:\Users\Admin\AppData\Local\Temp\New Order JulyAugustt64756656565656565665657575775757565656656475655.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\New Order JulyAugustt64756656565656565665657575775757565656656475655.exe"
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Drops file in Windows directory
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- C:\Users\Admin\AppData\Local\Temp\nsg6557.tmp\Math.dll
  Filesize: 66KB
  MD5: 70ba99745542354a2efcb1c2f167b62b
  SHA1: 8b18bc8d3e6e52222baef7ab7ab125436ef5c966
  SHA256: 711427242bff919c78fbba2b298b5d5898f75d73f1d7f4c4eb22badf525864a5
  SHA512: e3504a8d8d2b8793078f6a1f6297fb4c017eaee58360882ea063ab717d11841f2effcec1ba6fada449d1cc491dea35c9a9512237fcdfaf6b55f70f95e9a4d085
- C:\Users\Admin\AppData\Local\Temp\nsg6557.tmp\System.dll
  Filesize: 12KB
  MD5: 792b6f86e296d3904285b2bf67ccd7e0
  SHA1: 966b16f84697552747e0ddd19a4ba8ab5083af31
  SHA256: c7a20bcaa0197aedddc8e4797bbb33fdf70d980f5e83c203d148121c2106d917
  SHA512: 97edc3410b88ca31abc0af0324258d2b59127047810947d0fb5e7e12957db34d206ffd70a0456add3a26b0546643ff0234124b08423c2c9ffe9bdec6eb210f2c
- memory/2564-134-0x0000000004F30000-0x0000000005130000-memory.dmp
  Filesize: 2.0MB
- memory/2564-135-0x0000000004F30000-0x0000000005130000-memory.dmp
  Filesize: 2.0MB
Note: the two DLLs sit in an ns*.tmp directory under %TEMP% and carry the names of standard NSIS installer plugins (System.dll, Math.dll), so the sample is an NSIS-packaged executable and these two loads are what the "Loads dropped DLL" signature counts. The ns*.tmp directory name is generated per run, so match it by pattern rather than by the literal "nsg6557.tmp". The two memory dumps are successive snapshots of the same 2.0 MB region in pid 2564, not duplicates.
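As an added example (not part of the sandbox report or of any vendor tooling), the script below turns the IoCs listed on this page into a small checker that can be run over file-write records from an endpoint: it hashes file contents with the same four algorithms the report lists and looks the digests up in the report's hash table, matches the fixed drop paths from the "Drops file in ..." signatures, and matches the NSIS plugin DLLs by shape because the ns*.tmp directory name changes per run. The event records and file bytes are constructed for the demonstration; the ns*.tmp regular expression and the length bound on the random part are assumptions, as is the event schema.

```python
"""IoC checker built from the GuLoader/CloudEye report above (added example)."""
import hashlib
import re

# Digests copied from the report: the sample itself and the two DLLs it drops
# into the NSIS temp directory. Keyed by algorithm, then lowercase hex digest.
REPORT_HASHES = {
    "md5": {
        "84f6339907ba606ab1afde33338fe8d8": "sample (New Order ... .exe)",
        "70ba99745542354a2efcb1c2f167b62b": "dropped Math.dll (NSIS Math plugin)",
        "792b6f86e296d3904285b2bf67ccd7e0": "dropped System.dll (NSIS System plugin)",
    },
    "sha256": {
        "bcdb274451f48730b2bacbde5d8b679ec9c7446c630aecd513f3c27fad909b90": "sample (New Order ... .exe)",
        "711427242bff919c78fbba2b298b5d5898f75d73f1d7f4c4eb22badf525864a5": "dropped Math.dll (NSIS Math plugin)",
        "c7a20bcaa0197aedddc8e4797bbb33fdf70d980f5e83c203d148121c2106d917": "dropped System.dll (NSIS System plugin)",
    },
}

# Fixed drop paths from the report, lowercased for case-insensitive matching
# (Windows paths are case-insensitive).
REPORT_PATHS = {
    r"c:\program files (x86)\barometrisk.lan",
    r"c:\windows\resources\0409\speared\leukocidic.lnk",
    r"c:\windows\vatikanstat\moritzs\lockups.pag98",
    r"c:\windows\fonts\grkerens170\boretaarn\plutarchy\remnant.ran",
}

# The NSIS plugin directory (nsg6557.tmp in the report) is generated per run,
# so match the shape. Assumption: "ns" + 4..8 alphanumerics + ".tmp" under Temp.
NSIS_PLUGIN_RE = re.compile(r"\\temp\\ns[a-z0-9]{4,8}\.tmp\\(system|math)\.dll$", re.I)


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, as lowercase hex strings."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def match_hashes(data: bytes, table: dict = REPORT_HASHES) -> list:
    """Return the labels from `table` whose digests match `data`, deduplicated."""
    digests = hash_bytes(data)
    hits = []
    for algo, known in table.items():
        label = known.get(digests[algo])
        if label and label not in hits:
            hits.append(label)
    return hits


def match_path(path: str):
    """Return why a file path matches the report, or None if it does not."""
    p = path.lower()
    if p in REPORT_PATHS:
        return "path listed in report"
    if NSIS_PLUGIN_RE.search(p):
        return "NSIS plugin DLL in temp dir (shape match)"
    return None


def scan_events(events: list) -> list:
    """Scan file-write events shaped {'path': str, 'data': bytes | None}.

    Path IoCs are checked first; content hashes only when bytes are available.
    Returns (path, reason) pairs for every hit, in input order.
    """
    hits = []
    for ev in events:
        reason = match_path(ev["path"])
        if reason is None and ev.get("data") is not None:
            labels = match_hashes(ev["data"])
            if labels:
                reason = "hash match: " + ", ".join(labels)
        if reason:
            hits.append((ev["path"], reason))
    return hits


# Constructed events for the demonstration (not taken from the report).
SAMPLE_EVENTS = [
    {"path": r"C:\Users\Admin\AppData\Local\Temp\nsa3f1.tmp\System.dll", "data": b"not the real plugin"},
    {"path": r"C:\Program Files (x86)\Barometrisk.Lan", "data": None},
    {"path": r"C:\Users\Admin\Documents\notes.txt", "data": b"benign"},
]

if __name__ == "__main__":
    for path, reason in scan_events(SAMPLE_EVENTS):
        print(f"{path}: {reason}")
```

Path matches are deliberately checked before content hashes: the Program Files and Windows drop paths are stable across runs of this sample, whereas the dropped NSIS plugins are stock files whose hashes will also match benign NSIS installers, so a hash hit on System.dll or Math.dll alone should be treated as weak evidence and corroborated with the drop paths or the sample hash.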