bc816501512c5b69adb343481c6db7a94b319b0f5c6bf16677296293b525ef91

Analysis

max time kernel
146s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
03/04/2023, 08:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RECEIPT_.exe
Size

443KB
MD5

d7bb9f4381a205a3602506e87ea11e18
SHA1

3ffb8b762e6cb60247e7380b3c55779af1bdb04f
SHA256

852a409d12623a45b48954ba63888c81a7ac3a4c36550eb8a0aac1307f542ae3
SHA512

cf087d7870fb4bcd864ab48a07c4b17766012dac7134a98d0176842ace93f7345a9c0261b6b3d25a4bc8af951d65fd76522c1e679aa938f8c1c390ac847345a9
SSDEEP

12288:P4rQNPvtoUTH339UZiplvgps30O7Gq8PXaTbvjf7Zi:eu39H9kIV7NUXwbE

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1704	RECEIPT_.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\resources\Uhjlpsom\Organisationsnavns\Brucella.Dra	RECEIPT_.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\RECEIPT_.exe
"C:\Users\Admin\AppData\Local\Temp\RECEIPT_.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
PID:1704

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsj4646.tmp\System.dll

Filesize
11KB

MD5
b0c77267f13b2f87c084fd86ef51ccfc

SHA1
f7543f9e9b4f04386dfbf33c38cbed1bf205afb3

SHA256
a0cac4cf4852895619bc7743ebeb89f9e4927ccdb9e66b1bcd92a4136d0f9c77

SHA512
f2b57a2eea00f52a3c7080f4b5f2bb85a7a9b9f16d12da8f8ff673824556c62a0f742b72be0fd82a2612a4b6dbd7e0fdc27065212da703c2f7e28d199696f66e

Download Submit
memory/1704-66-0x0000000004180000-0x0000000005AA7000-memory.dmp

Filesize
25.2MB

Download