146181e078fe6bb39f396ada42620efccdd894524a54e0f1fe6bd56400a644ab | Triage

Sharing

General

Target

146181e078fe6bb39f396ada42620efccdd894524a54e0f1fe6bd56400a644ab
Size

554KB
Sample

220520-1lfjjseae4
MD5

7f2a805e1dd2733355df2d53d5dda731
SHA1

cf68ab321727506371756aad2054c4b81cd5737d
SHA256

146181e078fe6bb39f396ada42620efccdd894524a54e0f1fe6bd56400a644ab
SHA512

ff241af1f35e595f53c0e96a5e667c1f671eef4f9b74738703ef944844cda3d6584f98cf2592739e6489175ebd9a2084b1150d42b39959c07c261cba7ea1318f

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  146181e078fe6bb39f396ada42620efccdd894524a54e0f1fe6bd56400a644ab
- Size
  
  554KB
- MD5
  
  7f2a805e1dd2733355df2d53d5dda731
- SHA1
  
  cf68ab321727506371756aad2054c4b81cd5737d
- SHA256
  
  146181e078fe6bb39f396ada42620efccdd894524a54e0f1fe6bd56400a644ab
- SHA512
  
  ff241af1f35e595f53c0e96a5e667c1f671eef4f9b74738703ef944844cda3d6584f98cf2592739e6489175ebd9a2084b1150d42b39959c07c261cba7ea1318f
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2