wastedlocker | 887aac61771af200f7e58bf0d02cb96d9befa11deda4e448f0a700ccb186ce9d | Triage

Submit
Reports

Overview

overview

Static

static

9

887aac6177...le.exe

windows7_x64

887aac6177...le.exe

windows10_x64

Sharing

General

Target

887aac61771af200f7e58bf0d02cb96d9befa11deda4e448f0a700ccb186ce9d.sample
Size

1.1MB
Sample

210726-7za2gl29gn
MD5

6b20ef8fb494cc6e455220356de298d0
SHA1

763d356d30e81d1cd15f6bc6a31f96181edb0b8f
SHA256

887aac61771af200f7e58bf0d02cb96d9befa11deda4e448f0a700ccb186ce9d
SHA512

ef53b73a911a608439bf929fa66a66fbf015ed274735b91c1d3b08128b14d6514d5514157e541441b9de0827d068c8f514cfd24a3a52fecb2d09764c4fb3311a

Score

10^/10

wastedlocker cryptone discovery exploit packer ransomware

Static task

static1

cryptone packer

Behavioral task

behavioral1

Sample

887aac61771af200f7e58bf0d02cb96d9befa11deda4e448f0a700ccb186ce9d.sample.exe

Resource

win7v20210410

wastedlocker cryptone discovery exploit packer ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

887aac61771af200f7e58bf0d02cb96d9befa11deda4e448f0a700ccb186ce9d.sample.exe

Resource

win10v20210410

wastedlocker cryptone discovery exploit packer ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  887aac61771af200f7e58bf0d02cb96d9befa11deda4e448f0a700ccb186ce9d.sample
- Size
  
  1.1MB
- MD5
  
  6b20ef8fb494cc6e455220356de298d0
- SHA1
  
  763d356d30e81d1cd15f6bc6a31f96181edb0b8f
- SHA256
  
  887aac61771af200f7e58bf0d02cb96d9befa11deda4e448f0a700ccb186ce9d
- SHA512
  
  ef53b73a911a608439bf929fa66a66fbf015ed274735b91c1d3b08128b14d6514d5514157e541441b9de0827d068c8f514cfd24a3a52fecb2d09764c4fb3311a
Score

10^/10

wastedlocker cryptone discovery exploit packer ransomware
- WastedLocker
  Ransomware family seen in the wild since May 2020.
  ransomware wastedlocker
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Possible privilege escalation attempt
  exploit
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

File Deletion

File Permissions Modification

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

wastedlockercryptonediscoveryexploitpackerransomware

behavioral2

wastedlockercryptonediscoveryexploitpackerransomware

© 2018-2024

Terms | Privacy