bef4634ee72645914612a6824b9a9022432d16387e68a97b2929887acd3c464f | Triage

Analysis

max time kernel
51s
max time network
32s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
19-04-2023 07:32

Sharing

Report Analysis Logs

General

Target

Recentralised_PDF.exe
Size

294KB
MD5

b5cc8828c3c9728d2435201f007eda89
SHA1

96ba1683360ef9da3b7bd9bd26f86b06b2700c40
SHA256

fe32260b510e96af71c6552699e9499622a2dd5b7d5328e3ad863d2b6bd1b803
SHA512

0f2c9dd9f87c149041d2f0db48e5b12e3ad5637cf7302db448316c3eaf65f15ba42006a17068cfbe4331ca558534ad356bffa59e86cf53837dfa9981db7ec447
SSDEEP

6144:hhgqhwXoAprHq2w5At4yvObfWeSd32NFRPMNaLGknBC4v+eEEv0:UqMm2w5AyBVSdooaKkF24s

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1336	Recentralised_PDF.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\Recentralised_PDF.exe
"C:\Users\Admin\AppData\Local\Temp\Recentralised_PDF.exe"
1⤵
- Loads dropped DLL
PID:1336

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsd7E36.tmp\System.dll

Filesize
11KB

MD5
0ff2d70cfdc8095ea99ca2dabbec3cd7

SHA1
10c51496d37cecd0e8a503a5a9bb2329d9b38116

SHA256
982c5fb7ada7d8c9bc3e419d1c35da6f05bc5dd845940c179af3a33d00a36a8b

SHA512
cb5fc0b3194f469b833c2c9abf493fcec5251e8609881b7f5e095b9bd09ed468168e95dda0ba415a7d8d6b7f0dee735467c0ed8e52b223eb5359986891ba6e2e

Download Submit