d1d4e29f5fca0c97cd89a4b5134d298bf2829cea92e5d116084b83d980d2c6e0 | Triage

Submit
Reports

Overview

overview

9

Static

static

d1d4e29f5f...98.msi

windows7_x64

8

d1d4e29f5f...98.msi

windows10-2004_x64

9

Sharing

General

Target

d1d4e29f5fca0c97cd89a4b5134d298.msi
Size

100KB
Sample

220322-pf8glabdgp
MD5

aebfb88d2333ee74373a4cf582682070
SHA1

3d8b0dd99846144287aeeb025a5c9fc254f66fc0
SHA256

d1d4e29f5fca0c97cd89a4b5134d298bf2829cea92e5d116084b83d980d2c6e0
SHA512

9feb73d9c4902f03b94df49b3087418473dd0826480b5fde8ba3654dd8bf22bb372c8881e5254e5e8a0f6cf78bfb2d80c9060208c66478362bc6f75f12fca8cb

Score

9^/10

evasion persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

d1d4e29f5fca0c97cd89a4b5134d298.msi

Resource

win7-20220310-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

d1d4e29f5fca0c97cd89a4b5134d298.msi

Resource

win10v2004-en-20220113

evasion persistence ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  d1d4e29f5fca0c97cd89a4b5134d298.msi
- Size
  
  100KB
- MD5
  
  aebfb88d2333ee74373a4cf582682070
- SHA1
  
  3d8b0dd99846144287aeeb025a5c9fc254f66fc0
- SHA256
  
  d1d4e29f5fca0c97cd89a4b5134d298bf2829cea92e5d116084b83d980d2c6e0
- SHA512
  
  9feb73d9c4902f03b94df49b3087418473dd0826480b5fde8ba3654dd8bf22bb372c8881e5254e5e8a0f6cf78bfb2d80c9060208c66478362bc6f75f12fca8cb
Score

9^/10

evasion persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Blocklisted process makes network request
- Deletes System State backups
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Deletes backup catalog
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

behavioral2

evasionpersistenceransomware

© 2018-2024

Terms | Privacy