74a717027b6212236662bf641c473b8f8cd65486898b02940357bb9b3035f38a | Triage

Submit
Reports

Overview

overview

8

Static

static

emk21h33.exe

windows7_x64

8

emk21h33.exe

windows10_x64

8

Resubmissions

24-11-2021 13:59

211124-rahp4acghj 10

24-11-2021 09:36

211124-lk29laccgq 8

Sharing

General

Target

emk21h33.exe
Size

385KB
Sample

211124-lk29laccgq
MD5

54e8989f3595120a430b8d31ca87c0cc
SHA1

30609e95e4396e7c409b21e0d96c185736cc01d2
SHA256

74a717027b6212236662bf641c473b8f8cd65486898b02940357bb9b3035f38a
SHA512

56d102a6723e79e0fd4bf5756cf5fe01c36d62a9f1c0575750c288ab9b6de119ce6675a5156c80f4ed3274962981a14095ced7c9d213f9e9216b4a655ab66206

Score

8^/10

evasion persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

emk21h33.exe

Resource

win7-en-20211014

evasion persistence ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

emk21h33.exe

Resource

win10-en-20211104

evasion persistence ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  emk21h33.exe
- Size
  
  385KB
- MD5
  
  54e8989f3595120a430b8d31ca87c0cc
- SHA1
  
  30609e95e4396e7c409b21e0d96c185736cc01d2
- SHA256
  
  74a717027b6212236662bf641c473b8f8cd65486898b02940357bb9b3035f38a
- SHA512
  
  56d102a6723e79e0fd4bf5756cf5fe01c36d62a9f1c0575750c288ab9b6de119ce6675a5156c80f4ed3274962981a14095ced7c9d213f9e9216b4a655ab66206
Score

8^/10

evasion persistence ransomware
- Disables Task Manager via registry modification
  evasion
- Downloads MZ/PE file
- Downloads PsExec from SysInternals website
  Sysinternals tools like PsExec are often leveraged maliciously by malware families due to being commonly used by testers/administrators.
- Modifies Windows Firewall
  evasion
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceransomware

behavioral2

evasionpersistenceransomware

© 2018-2024

Terms | Privacy