5cd04805f9753ca08b82e88c27bf5426d1d356bb26b281885573051048911367

General
Target

5cd04805f9753ca08b82e88c27bf5426d1d356bb26b281885573051048911367

Size

1MB

Sample

200625-a7f1nq69h6

Score

9/10
MD5

572fea5f025df78f2d316216fbeee52e

SHA1

91b2bf44b1f9282c09f07f16631deaa3ad9d956d

SHA256

5cd04805f9753ca08b82e88c27bf5426d1d356bb26b281885573051048911367

SHA512

eb238272227c5825477ff1e37dc4f7e467665049d4db5649fff59c39d7745e88b06234d6d1218c05c802e33e21577f9d4a533cb9e23ebe6fb09654f97759c187

Signatures

  • Modifies service

    TTPs

    Modify Registry, Modify Existing Service
  • Modifies file permissions

    TTPs

    File Permissions Modification
  • Loads dropped DLL

  • Deletes shadow copies

    Description

    Ransomware often targets backup files to inhibit system recovery.

    TTPs

    File Deletion, Inhibit System Recovery
  • Possible privilege escalation attempt

  • Executes dropped EXE

  • Deletes itself

  • Drops file in System32 directory
