768c09ad691d4af27f50934df5879166c08c0b18abf2c1a1c8561e8589a07c91 | Triage

Submit
Reports

Overview

overview

9

Static

static

768c09ad69...le.exe

windows7_x64

9

768c09ad69...le.exe

windows10_x64

9

Resubmissions

27-12-2021 19:46

211227-yhb1vadah9 9

26-12-2021 08:08

211226-j1tahshhdk 9

Sharing

General

Target

768c09ad691d4af27f50934df5879166c08c0b18abf2c1a1c8561e8589a07c91.bin.sample
Size

338KB
Sample

211226-j1tahshhdk
MD5

b99ce03482978a861c883bb772be3b25
SHA1

84ecf8f8b0de2dbb3df4b99766a84143e49eaa00
SHA256

768c09ad691d4af27f50934df5879166c08c0b18abf2c1a1c8561e8589a07c91
SHA512

a9261830ed6a6c93fcd6fd7c8483d917f2b4235bc9dd586eac9d10bdb6ca2872c6101ea512ecc2abc176a60afa576aa0856db25c66bc29bf81fe2a11c94875c1

Score

9^/10

evasion ransomware

Static task

static1

Behavioral task

behavioral1

Sample

768c09ad691d4af27f50934df5879166c08c0b18abf2c1a1c8561e8589a07c91.bin.sample.exe

Resource

win7-en-20211208

evasion ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

768c09ad691d4af27f50934df5879166c08c0b18abf2c1a1c8561e8589a07c91.bin.sample.exe

Resource

win10-en-20211208

evasion ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  768c09ad691d4af27f50934df5879166c08c0b18abf2c1a1c8561e8589a07c91.bin.sample
- Size
  
  338KB
- MD5
  
  b99ce03482978a861c883bb772be3b25
- SHA1
  
  84ecf8f8b0de2dbb3df4b99766a84143e49eaa00
- SHA256
  
  768c09ad691d4af27f50934df5879166c08c0b18abf2c1a1c8561e8589a07c91
- SHA512
  
  a9261830ed6a6c93fcd6fd7c8483d917f2b4235bc9dd586eac9d10bdb6ca2872c6101ea512ecc2abc176a60afa576aa0856db25c66bc29bf81fe2a11c94875c1
Score

9^/10

evasion ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Deletes System State backups
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionransomware

behavioral2

evasionransomware

© 2018-2024

Terms | Privacy