53ead46fd6527c5e97e29944d6c40302be0b63192d00c1646939330fb2d319c0 | Triage

Sharing

General

Target

aa05e7a187ddec2e11fc1c9eafe61408d085b0ab6cd12caeaf531c9dca129772.zip
Size

77KB
Sample

200626-fl3lkg6frs
MD5

1be4d8c271ed3646a763a79c498b79c7
SHA1

059c74b44694496bef2174174a60c63e3fe9bd91
SHA256

53ead46fd6527c5e97e29944d6c40302be0b63192d00c1646939330fb2d319c0
SHA512

fdb0f99c6306941d6a263acfec56a371f05692dd2f81166a14f11603cec92cb9eb38cb13b23810b9a0d646a3d5cfb9ec4e1955dd39bea224c6e29873ad42c83f

Score

9^/10

discovery exploit persistence ransomware

Malware Config

Targets

- Target
  
  aa05e7a187ddec2e11fc1c9eafe61408d085b0ab6cd12caeaf531c9dca129772
- Size
  
  1.1MB
- MD5
  
  13e623cdfb75d99ea7e04c6157ca8ae6
- SHA1
  
  f25f0b369a355f30f5e11ac11a7f644bcfefd963
- SHA256
  
  aa05e7a187ddec2e11fc1c9eafe61408d085b0ab6cd12caeaf531c9dca129772
- SHA512
  
  ea6b5c882a5298e527be1f3c40cc6d75c56453dd0111d7e9818c28fa7ec32feb19f17cab9a9e49eb0ab9f3a987f7dcc5cadfea7ae99a996f174b0a89e674f421
Score

9^/10

exploit ransomware persistence discovery
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
- Modifies service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Hidden Files and Directories

Privilege Escalation

Defense Evasion

File Deletion

File Permissions Modification

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

exploitransomwarepersistencediscovery

behavioral2

discoveryexploitransomwarepersistence