f0f3009b3d88e680f9e022575be694cb565ec8824d8d3252a8af43b00fb2dd36 | Triage

Submit
Reports

Overview

overview

9

Static

static

Compile.exe

windows7_x64

9

Compile.exe

windows10_x64

9

Sharing

General

Target

Compile.exe
Size

6.6MB
Sample

210507-xayfvgapln
MD5

0063315a032fd1d3728c2f6e726a30d0
SHA1

9c2bc3b753ee4ce52f9d48f9d2c067cb1ce5eb24
SHA256

f0f3009b3d88e680f9e022575be694cb565ec8824d8d3252a8af43b00fb2dd36
SHA512

0c5d05c8dfdbf7f7394664054a9acd0d02ac54f7eac8e78dae2f8987583c7a66974e1fe1b4e429df710d1f0b5d6c711da96113ec0d497be14355336cf854450f

Score

9^/10

evasion persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

Compile.exe

Resource

win7v20210410

evasion persistence ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Compile.exe

Resource

win10v20210408

evasion persistence ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Compile.exe
- Size
  
  6.6MB
- MD5
  
  0063315a032fd1d3728c2f6e726a30d0
- SHA1
  
  9c2bc3b753ee4ce52f9d48f9d2c067cb1ce5eb24
- SHA256
  
  f0f3009b3d88e680f9e022575be694cb565ec8824d8d3252a8af43b00fb2dd36
- SHA512
  
  0c5d05c8dfdbf7f7394664054a9acd0d02ac54f7eac8e78dae2f8987583c7a66974e1fe1b4e429df710d1f0b5d6c711da96113ec0d497be14355336cf854450f
Score

9^/10

evasion persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Disables Task Manager via registry modification
  evasion
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Process Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomware

behavioral2

evasionpersistenceransomware

© 2018-2024

Terms | Privacy