7de8ca88e240fb905fc2e8fd5db6c5af82d8e21556f0ae36d055f623128c3377

Analysis

Target

7de8ca88e240fb905fc2e8fd5db6c5af82d8e21556f0ae36d055f623128c3377.exe
Size

25KB
MD5

0790a7e0a842e1de70de194054fa11b3
SHA1

4595cdd47b63a4ae256ed22590311f388bc7a2d8
SHA256

7de8ca88e240fb905fc2e8fd5db6c5af82d8e21556f0ae36d055f623128c3377
SHA512

0fe5bbe2a6681dde660b5ca2ebee3ae969efa0046641c991de805a83810b21176ae6cd05da1316a538929599e52db00cc4aaa4c80b11b1922429facb25d9ced9

Score

5^/10

ransomware

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

Defacement

Modify Registry

Processes:

7de8ca88e240fb905fc2e8fd5db6c5af82d8e21556f0ae36d055f623128c3377.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\\\god.jpg"	7de8ca88e240fb905fc2e8fd5db6c5af82d8e21556f0ae36d055f623128c3377.exe

C:\Users\Admin\AppData\Local\Temp\7de8ca88e240fb905fc2e8fd5db6c5af82d8e21556f0ae36d055f623128c3377.exe
"C:\Users\Admin\AppData\Local\Temp\7de8ca88e240fb905fc2e8fd5db6c5af82d8e21556f0ae36d055f623128c3377.exe"
1⤵
- Sets desktop wallpaper using registry
PID:1292

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

memory/1292-55-0x0000000076641000-0x0000000076643000-memory.dmp

Filesize
8KB

Download