29846c5b0359085d68e8dd6c395228e5f17e950619a745b72f2a6835964f4db1 | Triage

Submit
Reports

Overview

overview

9

Static

static

29846c5b03...b1.exe

windows7_x64

9

29846c5b03...b1.exe

windows10-2004_x64

3

Sharing

General

Target

29846c5b0359085d68e8dd6c395228e5f17e950619a745b72f2a6835964f4db1
Size

554KB
Sample

220520-3ca9ksbehk
MD5

0fbcb5b55c5e2fb2b020d5cb7266ee69
SHA1

c4cf2886290641e7c00429c8d866de8eca642de5
SHA256

29846c5b0359085d68e8dd6c395228e5f17e950619a745b72f2a6835964f4db1
SHA512

b986e10ea0a67db49eab5d443de76ba64a1071c5f10e432b4d43c4619d4f63f8316582bc7d5238ef00526019af1d4218424b3b9613e5bf6fbc8f7316e2019654

Score

9^/10

evasion persistence ransomware trojan

Static task

static1

Behavioral task

behavioral1

Sample

29846c5b0359085d68e8dd6c395228e5f17e950619a745b72f2a6835964f4db1.exe

Resource

win7-20220414-en

evasion persistence ransomware trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

29846c5b0359085d68e8dd6c395228e5f17e950619a745b72f2a6835964f4db1.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  29846c5b0359085d68e8dd6c395228e5f17e950619a745b72f2a6835964f4db1
- Size
  
  554KB
- MD5
  
  0fbcb5b55c5e2fb2b020d5cb7266ee69
- SHA1
  
  c4cf2886290641e7c00429c8d866de8eca642de5
- SHA256
  
  29846c5b0359085d68e8dd6c395228e5f17e950619a745b72f2a6835964f4db1
- SHA512
  
  b986e10ea0a67db49eab5d443de76ba64a1071c5f10e432b4d43c4619d4f63f8316582bc7d5238ef00526019af1d4218424b3b9613e5bf6fbc8f7316e2019654
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2

© 2018-2024

Terms | Privacy