7dfdcd5bc610f3718de9ecd3fc67aba996d3a9c786b5954832ede3cc99d0b0b7 | Triage

Submit
Reports

Overview

overview

9

Static

static

Cyanide.exe

windows7_x64

9

Cyanide.exe

windows10_x64

9

Sharing

General

Target

Cyanide.exe
Size

150KB
Sample

210213-qy1msbm93n
MD5

88552621245e13e37456450b670b040e
SHA1

e2f8374fae2dc206dc390c73c866567691385af9
SHA256

7dfdcd5bc610f3718de9ecd3fc67aba996d3a9c786b5954832ede3cc99d0b0b7
SHA512

f592750acfe72794a523876cac0c651c9e25414e650203b0001364d3591ca0ed4344c54c961c19233d08b63515672fa6f378d86882457987f2d8cbe6948a3b61

Score

9^/10

bootkit discovery exploit persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

Cyanide.exe

Resource

win7v20201028

discovery exploit ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Cyanide.exe

Resource

win10v20201028

bootkit discovery exploit persistence ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Cyanide.exe
- Size
  
  150KB
- MD5
  
  88552621245e13e37456450b670b040e
- SHA1
  
  e2f8374fae2dc206dc390c73c866567691385af9
- SHA256
  
  7dfdcd5bc610f3718de9ecd3fc67aba996d3a9c786b5954832ede3cc99d0b0b7
- SHA512
  
  f592750acfe72794a523876cac0c651c9e25414e650203b0001364d3591ca0ed4344c54c961c19233d08b63515672fa6f378d86882457987f2d8cbe6948a3b61
Score

9^/10

discovery exploit ransomware bootkit persistence
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Deletes backup catalog
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Modifies file permissions
  discovery
- Modifies boot configuration data using bcdedit
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Bootkit

Privilege Escalation

Defense Evasion

File Deletion

File Permissions Modification

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

discoveryexploitransomware

behavioral2

bootkitdiscoveryexploitpersistenceransomware

© 2018-2024

Terms | Privacy