5cd04805f9753ca08b82e88c27bf5426d1d356bb26b281885573051048911367

Target

Size

1MB

Sample

200625-a7f1nq69h6

Score

9 ^/10

MD5

572fea5f025df78f2d316216fbeee52e

SHA1

91b2bf44b1f9282c09f07f16631deaa3ad9d956d

SHA256

5cd04805f9753ca08b82e88c27bf5426d1d356bb26b281885573051048911367

SHA512

eb238272227c5825477ff1e37dc4f7e467665049d4db5649fff59c39d7745e88b06234d6d1218c05c802e33e21577f9d4a533cb9e23ebe6fb09654f97759c187

Target

5cd04805f9753ca08b82e88c27bf5426d1d356bb26b281885573051048911367

MD5

572fea5f025df78f2d316216fbeee52e

Filesize

1MB

Score

9 ^/10

SHA1

91b2bf44b1f9282c09f07f16631deaa3ad9d956d

SHA256

5cd04805f9753ca08b82e88c27bf5426d1d356bb26b281885573051048911367

SHA512

eb238272227c5825477ff1e37dc4f7e467665049d4db5649fff59c39d7745e88b06234d6d1218c05c802e33e21577f9d4a533cb9e23ebe6fb09654f97759c187

Signatures

Modifies service

Tags

persistence

TTPs

Modify Registry Modify Existing Service
Modifies file permissions

Tags

discovery

TTPs

File Permissions Modification
Loads dropped DLL
Deletes shadow copies

Description

Ransomware often targets backup files to inhibit system recovery.

Tags

ransomware

TTPs

File Deletion Inhibit System Recovery
Possible privilege escalation attempt

Tags

exploit
Executes dropped EXE
Deletes itself
Drops file in System32 directory

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Inhibit System Recovery

Initial Access

Lateral Movement

Persistence

Modify Existing Service

Privilege Escalation

static1

behavioral1

ransomware persistence discovery exploit

9^/10

behavioral2

persistence discovery exploit ransomware

9^/10

Tags

Signatures

Modifies service

Tags

TTPs

Modifies file permissions

Tags

TTPs

Loads dropped DLL

Deletes shadow copies

Description

Tags

TTPs

Possible privilege escalation attempt

Tags

Executes dropped EXE

Deletes itself

Drops file in System32 directory

Related Tasks

static1

behavioral1

behavioral2