Overview

overview

9

Static

static

8dc3389d37...01.exe

windows7_x64

9

8dc3389d37...01.exe

windows10_x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8dc3389d37519b24aef2bcf2a15530ea1b13ff4b98228967c9876835bdb99a01.zip

  • Size

    71KB

  • Sample

    201021-anhvn5x6qs

  • MD5

    2f44a1e6c797b73328ef68cb8c011be4

  • SHA1

    bf4c6fe78cb90f36b585b265d0132fe0c10a00a8

  • SHA256

    081f5e20e8714daab866fc9de69e2eda3282b1e46c538a01043ee786f35176d0

  • SHA512

    e964e090221c924822cd79cba55182842e77533a3c06bf26f925bf5dc71d8e133cbcaefa6578b9565e6b9ded3c49939d5ef992198b9e500996b80cdad8745ba4

Score
9/10
discoveryexploitpersistenceransomware

Malware Config

Targets

    • Target

      8dc3389d37519b24aef2bcf2a15530ea1b13ff4b98228967c9876835bdb99a01.exe

    • Size

      1.2MB

    • MD5

      7e34c5bd27f25a1e1d47a27702708e28

    • SHA1

      fb65ea1cc1d81a17effe16ecd2d10f34975a67d8

    • SHA256

      8dc3389d37519b24aef2bcf2a15530ea1b13ff4b98228967c9876835bdb99a01

    • SHA512

      2b4099e3f15dfd6414c812e87c5f8cfd1926234012e6c67e71433bc4bed7c823ca6d19f8bb927d16ee8e32859b663a9cbccc890eedb3cdaebb8ec2c04784114f

    Score
    9/10
    ransomwarediscoverypersistenceexploit

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Possible privilege escalation attempt

      exploit

    • Deletes itself

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Drops file in System32 directory

    • Modifies service

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

File Deletion

2
T1107

File Permissions Modification

1
T1222

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

2
T1490

Tasks