45ff13207c97a6e00f90b7ece1446d4d853de7141c45c68113d7d8b7746a63ed | Triage

Sharing

General

Target

45ff13207c97a6e00f90b7ece1446d4d853de7141c45c68113d7d8b7746a63ed
Size

554KB
Sample

220520-2vwgssbafn
MD5

e23c0030c07194dc6b74fa3aac3e4f55
SHA1

66333fbf9d4e3e069f5ad985ea80c497c04e98b7
SHA256

45ff13207c97a6e00f90b7ece1446d4d853de7141c45c68113d7d8b7746a63ed
SHA512

3f36f4c3c1e4fec599a403fd4321b8dc6e73ad160be4c321072a1cff0421ad53d5feddd46d2c6c8bc4c9951e6d863bc3e33452854cdaea3d3db4fce9503ab40a

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  45ff13207c97a6e00f90b7ece1446d4d853de7141c45c68113d7d8b7746a63ed
- Size
  
  554KB
- MD5
  
  e23c0030c07194dc6b74fa3aac3e4f55
- SHA1
  
  66333fbf9d4e3e069f5ad985ea80c497c04e98b7
- SHA256
  
  45ff13207c97a6e00f90b7ece1446d4d853de7141c45c68113d7d8b7746a63ed
- SHA512
  
  3f36f4c3c1e4fec599a403fd4321b8dc6e73ad160be4c321072a1cff0421ad53d5feddd46d2c6c8bc4c9951e6d863bc3e33452854cdaea3d3db4fce9503ab40a
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2