Overview

overview

10

Static

static

Interfaces.bin.exe

windows7_x64

10

Interfaces.bin.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Interfaces.bin

  • Size

    1.2MB

  • Sample

    200726-jgqm86w26x

  • MD5

    2cc4534b0dd0e1c8d5b89644274a10c1

  • SHA1

    735ee2c15c0b7172f65d39f0fd33b9186ee69653

  • SHA256

    905ea119ad8d3e54cd228c458a1b5681abc1f35df782977a23812ec4efa0288a

  • SHA512

    a842b2d171aa6efa1b391d5d0f84663e78021b485555e2bf10a5e589d8652057f5abbd88e1a5ec628b714692ec5d63c3172894aa7846d5897e87d99dad67e2b8

Score
10/10
wastedlockerdiscoveryexploitpersistenceransomware

Malware Config

Targets

    • Target

      Interfaces.bin

    • Size

      1.2MB

    • MD5

      2cc4534b0dd0e1c8d5b89644274a10c1

    • SHA1

      735ee2c15c0b7172f65d39f0fd33b9186ee69653

    • SHA256

      905ea119ad8d3e54cd228c458a1b5681abc1f35df782977a23812ec4efa0288a

    • SHA512

      a842b2d171aa6efa1b391d5d0f84663e78021b485555e2bf10a5e589d8652057f5abbd88e1a5ec628b714692ec5d63c3172894aa7846d5897e87d99dad67e2b8

    Score
    10/10
    persistencediscoveryexploitransomwarewastedlocker

    • WastedLocker

      Ransomware family seen in the wild since May 2020.

      ransomwarewastedlocker

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Possible privilege escalation attempt

      exploit

    • Deletes itself

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Drops file in System32 directory

    • Modifies service

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks