Overview

overview

8

Static

static

cpcrs.exe

windows7_x64

8

cpcrs.exe

windows10-2004_x64

8

csrss.exe

windows7_x64

1

csrss.exe

windows10-2004_x64

1

Resubmissions

27-03-2022 07:19

220327-h52a9abaen 8

22-03-2022 12:16

220322-pfgnwafae5 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d897f07ae6f42de8f35e2b05f5ef5733d7ec599d5e786d3225e66ca605a48f53.zip

  • Size

    228KB

  • Sample

    220327-h52a9abaen

  • MD5

    36dc2a5bab2665c88ce407d270954d04

  • SHA1

    b658bc902fa8b47475271b5802428d39b4e3297b

  • SHA256

    d897f07ae6f42de8f35e2b05f5ef5733d7ec599d5e786d3225e66ca605a48f53

  • SHA512

    a9208e8777aaae5f315739e73b69f299ad20563fe24e9c9f522b9514c4177e9280328fe575b4c98b2bd95e5ecd21fce0307693fd3aa49fcacb352d2530909664

Score
8/10
persistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      cpcrs.exe

    • Size

      419KB

    • MD5

      7d20fa01a703afa8907e50417d27b0a4

    • SHA1

      320116162d78afb8e00fd972591479a899d3dfee

    • SHA256

      3b2e708eaa4744c76a633391cf2c983f4a098b46436525619e5ea44e105355fe

    • SHA512

      0dcebe2598e6ccb51f0609831c93071421049eb924f83871e95c5a280af0d2e76630dfc47c5a2780eb18d55ee9690d6c83aabd8f1043cc2cdc21d9fe5425b892

    Score
    8/10
    persistenceransomwarespywarestealer

    • Drops file in Drivers directory

    • Modifies Installed Components in the registry

      persistence

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

    • Target

      csrss.exe

    • Size

      412KB

    • MD5

      b4f0ca61ab0c55a542f32bd4e66a7dc2

    • SHA1

      43b3d5ffae55116c68c504339c5d953ca25c0e3f

    • SHA256

      30b3cbe8817ed75d8221059e4be35d5624bd6b5dc921d4991a7adc4c3eb5de4a

    • SHA512

      9135c8ea4a786b789477e892cf117274f897ead370c732f4f4c442cff91467fc9aea33239032314130dc09bdaf7230ffe2f71a0dc1e8fce793d1b7ff93b4ae3e

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

2
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks