5ad38d579fb249b3326a25cffb6f5ffea11b125cda7b61205893432f59a02101 | Triage

Submit
Reports

Overview

overview

9

Static

static

Windows Se...er.exe

windows10-1703-x64

9

Resubmissions

21-09-2022 15:35

220921-s1bj5scbfr 9

18-06-2021 06:44

210618-hbnfahrlfa 10

18-06-2021 06:16

210618-zl79572kwa 10

Sharing

General

Target

Windows Session Manager.exe
Size

278KB
Sample

220921-s1bj5scbfr
MD5

6736b48ac9b71f21d8e41d5a1f27a0a6
SHA1

45eb63e779cb9f33209b29a175199a9048bd9035
SHA256

5ad38d579fb249b3326a25cffb6f5ffea11b125cda7b61205893432f59a02101
SHA512

c009278cd156d72957b5a29cec68eb97a0aad8dba7dc3c7a3bb1bba2c96779c41a89a106d65dcb91880fb5e2a639c1b89c87ba3906dd11f4aa7f76fe1f5de8ad
SSDEEP

6144:AhyeUdWgyNuXCphsogRi+xB+jyVEdIcbvjb7DiPQZu7xsyPD:AhyldyFp6e++yVDcbbX2PQgVsy

Score

9^/10

ransomware

Static task

static1

Behavioral task

behavioral1

Sample

Windows Session Manager.exe

Resource

win10-20220812-en

windows10-1703-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  Windows Session Manager.exe
- Size
  
  278KB
- MD5
  
  6736b48ac9b71f21d8e41d5a1f27a0a6
- SHA1
  
  45eb63e779cb9f33209b29a175199a9048bd9035
- SHA256
  
  5ad38d579fb249b3326a25cffb6f5ffea11b125cda7b61205893432f59a02101
- SHA512
  
  c009278cd156d72957b5a29cec68eb97a0aad8dba7dc3c7a3bb1bba2c96779c41a89a106d65dcb91880fb5e2a639c1b89c87ba3906dd11f4aa7f76fe1f5de8ad
- SSDEEP
  
  6144:AhyeUdWgyNuXCphsogRi+xB+jyVEdIcbvjb7DiPQZu7xsyPD:AhyldyFp6e++yVDcbbX2PQgVsy
Score

9^/10

ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy