8dc3389d37519b24aef2bcf2a15530ea1b13ff4b98228967c9876835bdb99a01 | Triage

Sharing

General

Target

8dc3389d37519b24aef2bcf2a15530ea1b13ff4b98228967c9876835bdb99a01.bin
Size

1.2MB
Sample

201021-8p9xns99lx
MD5

7e34c5bd27f25a1e1d47a27702708e28
SHA1

fb65ea1cc1d81a17effe16ecd2d10f34975a67d8
SHA256

8dc3389d37519b24aef2bcf2a15530ea1b13ff4b98228967c9876835bdb99a01
SHA512

2b4099e3f15dfd6414c812e87c5f8cfd1926234012e6c67e71433bc4bed7c823ca6d19f8bb927d16ee8e32859b663a9cbccc890eedb3cdaebb8ec2c04784114f

Score

9^/10

discovery exploit persistence ransomware

Malware Config

Targets

- Target
  
  8dc3389d37519b24aef2bcf2a15530ea1b13ff4b98228967c9876835bdb99a01.bin
- Size
  
  1.2MB
- MD5
  
  7e34c5bd27f25a1e1d47a27702708e28
- SHA1
  
  fb65ea1cc1d81a17effe16ecd2d10f34975a67d8
- SHA256
  
  8dc3389d37519b24aef2bcf2a15530ea1b13ff4b98228967c9876835bdb99a01
- SHA512
  
  2b4099e3f15dfd6414c812e87c5f8cfd1926234012e6c67e71433bc4bed7c823ca6d19f8bb927d16ee8e32859b663a9cbccc890eedb3cdaebb8ec2c04784114f
Score

9^/10

persistence discovery exploit ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Possible privilege escalation attempt
  exploit
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
- Modifies service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Privilege Escalation

Defense Evasion

File Deletion

File and Directory Permissions Modification

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistencediscoveryexploitransomware

behavioral2

persistenceexploitransomwarediscovery