6356a267a78aa9bb9c21b81d13586b1dc6ecec44faf6e3af2005a3ae07a611a1 | Triage

Submit
Reports

Overview

overview

9

Static

static

6356a267a7...a1.exe

windows7_x64

9

6356a267a7...a1.exe

windows10-2004_x64

3

Sharing

General

Target

6356a267a78aa9bb9c21b81d13586b1dc6ecec44faf6e3af2005a3ae07a611a1
Size

554KB
Sample

220521-avtvesdggn
MD5

94d229fc107533eb550d04b03cc41afb
SHA1

7b4acea67134d35d128620ae94a4dbe38287b37b
SHA256

6356a267a78aa9bb9c21b81d13586b1dc6ecec44faf6e3af2005a3ae07a611a1
SHA512

7b2cd57aeb97d43ac50c5d942a6bd83cbda8e0bc8f2c2f25b6a0fb150108ec5900c8cfcf1fd347f3b4f5d2b1eb9ec6bae41f12881e8927fd2130ea3ccd772ffb

Score

9^/10

evasion persistence ransomware trojan

Static task

static1

Behavioral task

behavioral1

Sample

6356a267a78aa9bb9c21b81d13586b1dc6ecec44faf6e3af2005a3ae07a611a1.exe

Resource

win7-20220414-en

evasion persistence ransomware trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

6356a267a78aa9bb9c21b81d13586b1dc6ecec44faf6e3af2005a3ae07a611a1.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  6356a267a78aa9bb9c21b81d13586b1dc6ecec44faf6e3af2005a3ae07a611a1
- Size
  
  554KB
- MD5
  
  94d229fc107533eb550d04b03cc41afb
- SHA1
  
  7b4acea67134d35d128620ae94a4dbe38287b37b
- SHA256
  
  6356a267a78aa9bb9c21b81d13586b1dc6ecec44faf6e3af2005a3ae07a611a1
- SHA512
  
  7b2cd57aeb97d43ac50c5d942a6bd83cbda8e0bc8f2c2f25b6a0fb150108ec5900c8cfcf1fd347f3b4f5d2b1eb9ec6bae41f12881e8927fd2130ea3ccd772ffb
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2

© 2018-2024

Terms | Privacy