Overview

overview

10

Static

static

3

simulation.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    simulation.exe

  • Size

    10.7MB

  • Sample

    211022-kg12paccbk

  • MD5

    736548b0874021c39d8d708178758fde

  • SHA1

    7932f7c00a70e4d19beeffe752905f2438cff6c9

  • SHA256

    25c3a71289610b73d1f36ebf50c1c7b6459d9a0459616f06aa1438c9c8072dc8

  • SHA512

    1761db3af33d03f66d63d0e4bd8b91c07aa4bdb3f538d42ac26344a6e84e20b71cfb018e13ce7e1907b7924c411417c9590eb8898e33b1870ce936db1df41014

Score
10/10
evasionpyinstallerransomware

Malware Config

Targets

    • Target

      simulation.exe

    • Size

      10.7MB

    • MD5

      736548b0874021c39d8d708178758fde

    • SHA1

      7932f7c00a70e4d19beeffe752905f2438cff6c9

    • SHA256

      25c3a71289610b73d1f36ebf50c1c7b6459d9a0459616f06aa1438c9c8072dc8

    • SHA512

      1761db3af33d03f66d63d0e4bd8b91c07aa4bdb3f538d42ac26344a6e84e20b71cfb018e13ce7e1907b7924c411417c9590eb8898e33b1870ce936db1df41014

    Score
    10/10
    evasionransomware

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Clears Windows event logs

      evasionransomware

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Indicator Removal on Host

1
T1070

Modify Registry

1
T1112

Credential Access

Discovery

Process Discovery

1
T1057

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks