633e3f41ab072d59eb255348209fd3228a8abc3168601c7f95342ef85efdc6b2 | Triage

Sharing

General

Target

633e3f41ab072d59eb255348209fd3228a8abc3168601c7f95342ef85efdc6b2.bin
Size

1.2MB
Sample

201021-gwp7b56yd2
MD5

ad90a317e686b1ab9db651c97ee448b2
SHA1

5a2e9db7daa14511f8fb4e5a9e93e9721d68e593
SHA256

633e3f41ab072d59eb255348209fd3228a8abc3168601c7f95342ef85efdc6b2
SHA512

65ebd80b4118d41acc1371ede9a9ee4b37011ed2a03dc7751d3e6d3fc92b9bb6956a442e8c38266bd5c97afdd4d68ebc1657ff2faf35c42e9d28aadf15006353

Score

9^/10

discovery exploit persistence ransomware

Malware Config

Targets

- Target
  
  633e3f41ab072d59eb255348209fd3228a8abc3168601c7f95342ef85efdc6b2.bin
- Size
  
  1.2MB
- MD5
  
  ad90a317e686b1ab9db651c97ee448b2
- SHA1
  
  5a2e9db7daa14511f8fb4e5a9e93e9721d68e593
- SHA256
  
  633e3f41ab072d59eb255348209fd3228a8abc3168601c7f95342ef85efdc6b2
- SHA512
  
  65ebd80b4118d41acc1371ede9a9ee4b37011ed2a03dc7751d3e6d3fc92b9bb6956a442e8c38266bd5c97afdd4d68ebc1657ff2faf35c42e9d28aadf15006353
Score

9^/10

discovery exploit persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Possible privilege escalation attempt
  exploit
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
- Modifies service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Hidden Files and Directories

Privilege Escalation

Defense Evasion

File Deletion

File Permissions Modification

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

discoveryexploitpersistenceransomware

behavioral2

discoveryexploitpersistenceransomware