Analysis

  • max time kernel: 94s
  • max time network: 144s
  • platform: windows10-2004_x64
  • resource: win10v2004-20241007-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 23-12-2024 22:00

General

  • Target: faktura,pdf.exe
  • Size: 484KB
  • MD5: 0c2779d8b1c98fee81f0e5f0f47b1076
  • SHA1: 5dc8b937c91d42bfb4870970a85d6b415e208aba
  • SHA256: 02928b2d3818c82f6b0cd4d1c69a5717b36d56a6ede9e8b6e6dfad55d9165406
  • SHA512: 4a60973ec7ea718fb5d562d030876987fb5006c9a1f0a2241dc7aca1800c0c386aed3be4e651f7aa158ccf4d133ee7e8f0de4f608f0f1a7577ed9e4ca9fcbc3b
  • SSDEEP: 6144:eNeZkjUUpNggUZvLl6SpvAkfcxMLiEVCN4WQBWkNtU:eNAi5UFLl6SpvAkfcx4iEVRWQrNtU

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\faktura,pdf.exe
    "C:\Users\Admin\AppData\Local\Temp\faktura,pdf.exe"
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:5012
    • C:\Users\Admin\AppData\Local\Temp\lejdjsong.exe (child of PID 5012)
      "C:\Users\Admin\AppData\Local\Temp\lejdjsong.exe"
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:624

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lejdjsong.exe
    Filesize: 73KB
    MD5: 86a148c54d7a5ee49386393a7bd64e75
    SHA1: 3bcd7adf68d28514c0d362964bf4ac1e067bda6f
    SHA256: 7cc777f463f00d5389c55fe6cc7904b427efd52ab0b2e932ddd1210d6c0eedb6
    SHA512: 214f5530b2adc519243cd0c10af2987275988b45e1050f147391ece49c3ab2ae3ec4dff4f79598a6f9061ae4d70fbc78334d4a1ae2e863ab92628e0b4beb00fb

  • C:\Users\Admin\AppData\Local\Temp\pkzbr.e
    Filesize: 185KB
    MD5: 591d6e5750339bb3848fd5abc97311f0
    SHA1: d688280ea879a1a309f72fede33f6695ec5ed105
    SHA256: b778488ba471b2edfc808c5e4d55e4e0221d7ca23100c6cf563177db8f9b5fc8
    SHA512: 81dc6568ea3b278aa320f04b651b2b9b100e891eb8ecca21c6685031865ff6a3a0129c2a28acc5f7ddc2997db4db12ead12bcca89a786f9c402e799a4eea3ae6

  • C:\Users\Admin\AppData\Local\Temp\vnbnucchqkc.gr
    Filesize: 4KB
    MD5: d2a837454edcdf54d22d808482386ba7
    SHA1: f8483cba5522ead7d1b557914ff3c411fc4df541
    SHA256: 2ba5c60045c398ebd1e59e2225250b8f09536e4a4ba4eec26186a68fb9574a0a
    SHA512: 4078b008e9a7dce2e4938936bef3bcb3262d29f1ffbc45fed75093cb742b6ed7c2de0c98f83d3db0289d6b9a02a28a115b44aeb28a258d95e18236b230cf17d3

  • memory/624-8-0x00000000002E0000-0x00000000002E2000-memory.dmp
    Filesize: 8KB