b2a27c3b5c301b22260722383a889d491431e4909e4a0bf810840ba882cbbce3 | Triage

Submit
Reports

Overview

overview

9

Static

static

b2a27c3b5c...e3.exe

windows7_x64

9

b2a27c3b5c...e3.exe

windows10_x64

9

Resubmissions

04-05-2020 15:13

200504-6r5nmgfcka 10

21-04-2020 05:49

200421-nvrsxxs6e6 9

Sharing

General

Target

b2a27c3b5c301b22260722383a889d491431e4909e4a0bf810840ba882cbbce3.exe
Size

12KB
Sample

200421-nvrsxxs6e6
MD5

4a7378c7ef7a9b72aa2b38019aa6fcdc
SHA1

7e19a75d8a91fa2e4e6e7519609eb8c300a8a030
SHA256

b2a27c3b5c301b22260722383a889d491431e4909e4a0bf810840ba882cbbce3
SHA512

8eb4cfcd03315f5984ee6909cd33b3086227e610d78d24dd32525a421a92b440fe012f2b5403dbc10be8db875fa5db83731786578395fef44dde8394ec219441

Score

9^/10

evasion persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

b2a27c3b5c301b22260722383a889d491431e4909e4a0bf810840ba882cbbce3.exe

Resource

win7v200410

ransomware evasion persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

b2a27c3b5c301b22260722383a889d491431e4909e4a0bf810840ba882cbbce3.exe

Resource

win10v200410

ransomware evasion persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  b2a27c3b5c301b22260722383a889d491431e4909e4a0bf810840ba882cbbce3.exe
- Size
  
  12KB
- MD5
  
  4a7378c7ef7a9b72aa2b38019aa6fcdc
- SHA1
  
  7e19a75d8a91fa2e4e6e7519609eb8c300a8a030
- SHA256
  
  b2a27c3b5c301b22260722383a889d491431e4909e4a0bf810840ba882cbbce3
- SHA512
  
  8eb4cfcd03315f5984ee6909cd33b3086227e610d78d24dd32525a421a92b440fe012f2b5403dbc10be8db875fa5db83731786578395fef44dde8394ec219441
Score

9^/10

ransomware evasion persistence
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Modifies Windows Firewall
  evasion
- Deletes itself
- Drops startup file
- Drops desktop.ini file(s)
- Modifies service
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Defacement

Tasks

static1

behavioral1

ransomwareevasionpersistence

behavioral2

ransomwareevasionpersistence

© 2018-2024

Terms | Privacy