8c278b732a5ab1bd699cfa7b4fcdd1868f686779a9ff66d43b6834baac3547df

Analysis

max time kernel
145s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

订单信息.pdf_.exe
Size

6.7MB
MD5

95decb42f6e1e72bcd71a2965f789217
SHA1

a0e338d3492618486b872b7967e79572611de6da
SHA256

8c278b732a5ab1bd699cfa7b4fcdd1868f686779a9ff66d43b6834baac3547df
SHA512

8d33d0aaf8acb0d0aefd4ad723f674945638ab6e11c1f41f1e748f6d9120e23d16d99856204228f8cd012b7d812a9da58a28fc1d03254ecf33bb211dc2c7c749
SSDEEP

98304:Z3i51vCbt/lQKBErje9G7J7GdiuJ67nDezL:pBNQV/sSuIDezL

Score

5^/10

ransomware

Malware Config

Signatures

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bg.png"	订单信息.pdf_.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Pictures\\My Wallpaper.jpg"	订单信息.pdf_.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 1956	2076	订单信息.pdf_.exe	31
PID 2076 wrote to memory of 1956	2076	订单信息.pdf_.exe	31
PID 2076 wrote to memory of 1956	2076	订单信息.pdf_.exe	31

C:\Users\Admin\AppData\Local\Temp\订单信息.pdf_.exe
"C:\Users\Admin\AppData\Local\Temp\订单信息.pdf_.exe"
1⤵
- Sets desktop wallpaper using registry
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Windows\system32\rundll32.exe
  rundll32 url.dll,FileProtocolHandler C:\Users\Admin\AppData\Local\Temp\bg.png
  2⤵
  PID:1956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact