ae25dc288f5ef1ecfe4f7d6728a1814020813d2958434a06011778c206f575c9 | Triage

Submit
Reports

Overview

overview

9

Static

static

ae25dc288f...c9.exe

windows7_x64

9

ae25dc288f...c9.exe

windows10-2004_x64

3

Sharing

General

Target

ae25dc288f5ef1ecfe4f7d6728a1814020813d2958434a06011778c206f575c9
Size

554KB
Sample

220521-ath2jadgbl
MD5

eae7974d820bd517495222b9a616a5c5
SHA1

ed1344541be0cce3e93177ac577f56fa0b06b9f4
SHA256

ae25dc288f5ef1ecfe4f7d6728a1814020813d2958434a06011778c206f575c9
SHA512

2cc45bdb0b359d65246b731f9b009de68c625fc667bcd5f19d8e5846a7b627af65cb78665f86d9913f398cf734fe00a65480612b4d3c083f6d661434f581c679

Score

9^/10

evasion persistence ransomware trojan

Static task

static1

Behavioral task

behavioral1

Sample

ae25dc288f5ef1ecfe4f7d6728a1814020813d2958434a06011778c206f575c9.exe

Resource

win7-20220414-en

evasion persistence ransomware trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ae25dc288f5ef1ecfe4f7d6728a1814020813d2958434a06011778c206f575c9.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  ae25dc288f5ef1ecfe4f7d6728a1814020813d2958434a06011778c206f575c9
- Size
  
  554KB
- MD5
  
  eae7974d820bd517495222b9a616a5c5
- SHA1
  
  ed1344541be0cce3e93177ac577f56fa0b06b9f4
- SHA256
  
  ae25dc288f5ef1ecfe4f7d6728a1814020813d2958434a06011778c206f575c9
- SHA512
  
  2cc45bdb0b359d65246b731f9b009de68c625fc667bcd5f19d8e5846a7b627af65cb78665f86d9913f398cf734fe00a65480612b4d3c083f6d661434f581c679
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2

© 2018-2024

Terms | Privacy