222b2b80b21db2584d9cb51082f7eadf0bbf04bb2a555ef850391d62dd68d5d9 | Triage

Sharing

General

Target

222b2b80b21db2584d9cb51082f7eadf0bbf04bb2a555ef850391d62dd68d5d9
Size

592KB
Sample

191025-w35pvd2lbx
MD5

14eba698c1dedfee512156111ec6ba3b
SHA1

fb3a130e3ed8e710a9d98d13574c5f4e0301dfcb
SHA256

222b2b80b21db2584d9cb51082f7eadf0bbf04bb2a555ef850391d62dd68d5d9
SHA512

0da6173c736ca6b62c837afafdff46e96ccd8c89452962ff995b40dfd97b2e0907f4741f8adcba4f38d4b4448aee7980027557ffcb2e1a98112fff684cd4f137

Score

9^/10

Malware Config

Targets

- Target
  
  222b2b80b21db2584d9cb51082f7eadf0bbf04bb2a555ef850391d62dd68d5d9
- Size
  
  592KB
- MD5
  
  14eba698c1dedfee512156111ec6ba3b
- SHA1
  
  fb3a130e3ed8e710a9d98d13574c5f4e0301dfcb
- SHA256
  
  222b2b80b21db2584d9cb51082f7eadf0bbf04bb2a555ef850391d62dd68d5d9
- SHA512
  
  0da6173c736ca6b62c837afafdff46e96ccd8c89452962ff995b40dfd97b2e0907f4741f8adcba4f38d4b4448aee7980027557ffcb2e1a98112fff684cd4f137
Score

9^/10
- Deletes shadow copies
  ransomware
- Deletes itself
- Windows security modification
  evasion trojan
- Checks system information in the registry (likely anti-VM)
- Drops Office document
  dropper exploiter maldoc
- Modifies service
  persistence
- Sets desktop wallpaper using registry
  ransomware
task1 task2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

task1

task2