ef8ba60c6be7cd3515efe898e2db8ab91e08be4d0e23457c7ddf79a56877df7b

Analysis

max time kernel
109s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2023, 14:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

(RFQ- MRF343951 ) BULIM PHASE 2_pdf.exe
Size

324KB
MD5

0c4346089bbbed6b428a8bf3d3981f41
SHA1

2e6819ef32d20640b188ce4f782e295aab44fcb2
SHA256

ef8ba60c6be7cd3515efe898e2db8ab91e08be4d0e23457c7ddf79a56877df7b
SHA512

0a42878a5fccbf922e3f90e2cf4fd7cffaec1bf8a69427b380651026270f482fe1350239b55f982528c2f465d957fdf35dbff8298b07812dbf35cb8e5e9f20c1
SSDEEP

6144:3DkjYVetrEVkSsC2+VIIXbVNvIzc4jJJBYqOK2Cn2kOroIbvyk:Ac+CkxCNVIIXJNIzfjJnYqrlXOrhD

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
3896	(RFQ- MRF343951 ) BULIM PHASE 2_pdf.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Kamgarnsstoffers106\Pseudoallelism.Pri	(RFQ- MRF343951 ) BULIM PHASE 2_pdf.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\(RFQ- MRF343951 ) BULIM PHASE 2_pdf.exe
"C:\Users\Admin\AppData\Local\Temp\(RFQ- MRF343951 ) BULIM PHASE 2_pdf.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
PID:3896

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nso9291.tmp\System.dll

Filesize
11KB

MD5
b0c77267f13b2f87c084fd86ef51ccfc

SHA1
f7543f9e9b4f04386dfbf33c38cbed1bf205afb3

SHA256
a0cac4cf4852895619bc7743ebeb89f9e4927ccdb9e66b1bcd92a4136d0f9c77

SHA512
f2b57a2eea00f52a3c7080f4b5f2bb85a7a9b9f16d12da8f8ff673824556c62a0f742b72be0fd82a2612a4b6dbd7e0fdc27065212da703c2f7e28d199696f66e

Download Submit