Analysis

  • max time kernel
    27s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/02/2023, 12:07

General

  • Target

    Nueva Licitación·pdf.exe

  • Size

    694KB

  • MD5

    e139e86d62fbf7c936d7243f18161b95

  • SHA1

    ec350ff61126352132c96bbbf3e19f6670998aca

  • SHA256

    e1ac514b5cc907df4f0a6ed89cb6f17827302f89fd4cb95d8f8606b4d2e54d5b

  • SHA512

    d7357101df9a778e2302b2b6f1d12779428001613d17ad672747d84f2fe3f312703593405553376cdbb04210792131cdeb01935f503fd0822ae0e73554c708a0

  • SSDEEP

    12288:3FfNPXhuc7Uu1mk38CPV3z0srfJe5wAUYnrl4oLYaxZ/ZIWAz:rfkyUg8CPVfrBe5wAUYr2+YaxZGnz

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (2 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Nueva Licitación·pdf.exe
    "C:\Users\Admin\AppData\Local\Temp\Nueva Licitación·pdf.exe"
    • Loads dropped DLL
    PID:1536
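Two things in this report are worth turning into repeatable checks: the target name ends in `.exe` but advertises `pdf` just before it, separated by a middle dot (U+00B7) rather than a real period, and the only DLL the process loads is dropped into an `ns<random>.tmp` directory under `%TEMP%`, which is how NSIS installers unpack their plug-ins (System.dll is the stock NSIS System plug-in). The helpers below are an added example, not part of the sandbox report: they flag both patterns over constructed sandbox-style events and verify a byte string against the report's own hashes. The function names, the event schema, the list of look-alike dot characters and the NSIS temp-directory regex are assumptions made for this example.

```python
"""Triage helpers modelled on the behaviour in the report above (added example)."""
import hashlib
import re
from typing import Dict, Iterable, List

# Hashes of the submitted sample, copied from the General section of the report.
REPORT_SAMPLE_HASHES = {
    "md5": "e139e86d62fbf7c936d7243f18161b95",
    "sha1": "ec350ff61126352132c96bbbf3e19f6670998aca",
    "sha256": "e1ac514b5cc907df4f0a6ed89cb6f17827302f89fd4cb95d8f8606b4d2e54d5b",
}

# Characters that visually pass for "." in a file name but are not U+002E.
# Assumption: illustrative list (middle dot, one-dot leader, hyphenation point,
# katakana middle dot, fullwidth full stop), not exhaustive.
FAKE_DOTS = "\u00b7\u2024\u2027\u30fb\uff0e"
DECOY_EXTS = ("pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png")
REAL_EXEC_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")

# NSIS unpacks plug-in DLLs into %TEMP%\ns<letter><hex>.tmp\ and loads them
# from there. Assumption: the name pattern below (ns + optional letter + 1-4 hex).
NSIS_PLUGIN_DROP = re.compile(
    r"(?:^|\\)ns[a-z]?[0-9a-f]{1,4}\.tmp\\[^\\]+\.dll$", re.IGNORECASE)


def is_double_extension_lure(name: str) -> bool:
    """True if the file runs as an executable but its name advertises a document
    type right before the real extension, joined by a real dot ("x.pdf.exe") or a
    look-alike character ("x\u00b7pdf.exe")."""
    lower = name.lower()
    if not lower.endswith(REAL_EXEC_EXTS):
        return False
    stem = lower.rsplit(".", 1)[0]  # drop the real (executable) extension
    for decoy in DECOY_EXTS:
        if len(stem) > len(decoy) and stem.endswith(decoy):
            sep = stem[-len(decoy) - 1]  # character just before the decoy
            if sep == "." or sep in FAKE_DOTS:
                return True
    return False


def is_nsis_plugin_drop(path: str) -> bool:
    """True for a DLL path inside an NSIS-style temp plug-in directory."""
    return NSIS_PLUGIN_DROP.search(path) is not None


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the four digests the report lists for a file's contents."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, report: Dict[str, str]) -> bool:
    """True only if every algorithm present in `report` agrees with `data`."""
    ours = hash_bytes(data)
    return all(ours[alg] == digest.lower() for alg, digest in report.items())


def triage(events: Iterable[Dict[str, str]]) -> List[str]:
    """Run both checks over sandbox-style events.
    Each event is {"pid": str, "op": "exec" | "write" | "load", "path": str}."""
    findings = []
    for ev in events:
        name = ev["path"].rsplit("\\", 1)[-1]
        if ev["op"] == "exec" and is_double_extension_lure(name):
            findings.append(f"pid {ev['pid']}: double-extension lure {name!r}")
        if ev["op"] == "load" and is_nsis_plugin_drop(ev["path"]):
            findings.append(f"pid {ev['pid']}: NSIS plug-in loaded from {ev['path']}")
    return findings


# Constructed events modelled on the process tree and Downloads list in the report.
SAMPLE_EVENTS = [
    {"pid": "1536", "op": "exec",
     "path": r"C:\Users\Admin\AppData\Local\Temp\Nueva Licitación·pdf.exe"},
    {"pid": "1536", "op": "write",
     "path": r"C:\Users\Admin\AppData\Local\Temp\nsj6C0F.tmp\System.dll"},
    {"pid": "1536", "op": "load",
     "path": r"C:\Users\Admin\AppData\Local\Temp\nsj6C0F.tmp\System.dll"},
    {"pid": "1536", "op": "load", "path": r"C:\Windows\System32\kernel32.dll"},
]

if __name__ == "__main__":
    for line in triage(SAMPLE_EVENTS):
        print(line)
    # The sample itself is not available here, so only show the comparison path.
    print("empty input matches report hashes:", matches_report(b"", REPORT_SAMPLE_HASHES))
```

The NSIS check on its own is weak (legitimate installers trip it too); it is the combination with a lure file name and a "pdf.exe" dropped into `%TEMP%` that makes the event worth escalating. Hash comparison should use the SHA256 or SHA512 values from the report; MD5 and SHA1 are listed for lookup compatibility only.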

Network

        MITRE ATT&CK Enterprise v6

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nsj6C0F.tmp\System.dll

          Filesize

          11KB

          MD5

          0063d48afe5a0cdc02833145667b6641

          SHA1

          e7eb614805d183ecb1127c62decb1a6be1b4f7a8

          SHA256

          ac9dfe3b35ea4b8932536ed7406c29a432976b685cc5322f94ef93df920fede7

          SHA512

          71cbbcaeb345e09306e368717ea0503fe8df485be2e95200febc61bcd8ba74fb4211cd263c232f148c0123f6c6f2e3fd4ea20bdecc4070f5208c35c6920240f0

        • \Users\Admin\AppData\Local\Temp\nsj6C0F.tmp\System.dll

          Filesize

          11KB

          MD5

          0063d48afe5a0cdc02833145667b6641

          SHA1

          e7eb614805d183ecb1127c62decb1a6be1b4f7a8

          SHA256

          ac9dfe3b35ea4b8932536ed7406c29a432976b685cc5322f94ef93df920fede7

          SHA512

          71cbbcaeb345e09306e368717ea0503fe8df485be2e95200febc61bcd8ba74fb4211cd263c232f148c0123f6c6f2e3fd4ea20bdecc4070f5208c35c6920240f0