ec9b412e9a6e0da1a21c01158c4c8313b61b033f58d16d913d72229794069d18 | Triage

Sharing

General

Target

ec9b412e9a6e0da1a21c01158c4c8313b61b033f58d16d913d72229794069d18.bin
Size

58KB
Sample

201103-t4vlwvz2pe
MD5

69b2e5d45b9eb9b7d342f6f580dd6ba8
SHA1

6005c62f68ab4541e4d285d5e20877904b08fc48
SHA256

ec9b412e9a6e0da1a21c01158c4c8313b61b033f58d16d913d72229794069d18
SHA512

511d47ebbc55fa612ef8755446b835079bb6c09c22fe6987ed9170a1efabc2f5ada0e9f801899e5f315401aa8d4408e0883f34d8d4fbd6dcf944a6b99e0af430

Score

9^/10

discovery exploit persistence ransomware

Malware Config

Targets

- Target
  
  ec9b412e9a6e0da1a21c01158c4c8313b61b033f58d16d913d72229794069d18.bin
- Size
  
  58KB
- MD5
  
  69b2e5d45b9eb9b7d342f6f580dd6ba8
- SHA1
  
  6005c62f68ab4541e4d285d5e20877904b08fc48
- SHA256
  
  ec9b412e9a6e0da1a21c01158c4c8313b61b033f58d16d913d72229794069d18
- SHA512
  
  511d47ebbc55fa612ef8755446b835079bb6c09c22fe6987ed9170a1efabc2f5ada0e9f801899e5f315401aa8d4408e0883f34d8d4fbd6dcf944a6b99e0af430
Score

9^/10

discovery exploit persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Possible privilege escalation attempt
  exploit
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
- Modifies service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Hidden Files and Directories

Privilege Escalation

Defense Evasion

File Deletion

File Permissions Modification

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

discoveryexploitpersistenceransomware

behavioral2

discoveryexploitpersistenceransomware