84c06f4b2fd1ebc6a931f112520fb13300f3b36c45cacb956f6045e6f388e5fb | Triage

Sharing

General

Target

HEUR-Trojan-Ransom.MSIL.Encoder.gen-84c06f4b2fd1ebc6a931f112520fb13300f3b36c45cacb956f6045e6f388e5fb.exe
Size

441KB
Sample

220925-vdzdssgffj
MD5

90f9a62dc1145821e357c795501ab1b3
SHA1

4430b9ff2ffacceb182e2cacdea530abd0174166
SHA256

84c06f4b2fd1ebc6a931f112520fb13300f3b36c45cacb956f6045e6f388e5fb
SHA512

ed2943c5ad9152b810ee3fd2abae0aface3aba11257f1b1f88093e59d475ddd10733b20b547e879dadd288d7298424e6f8383bda2eef471701fad3b9ed4af37a
SSDEEP

6144:4b9KHnmm7C7MBeqLonYhFL9lx6k5dQFY6LxyGeYCl9:NfC11YT979j6Lxyj

Score

10^/10

evasion persistence ransomware

Malware Config

Targets

- Target
  
  HEUR-Trojan-Ransom.MSIL.Encoder.gen-84c06f4b2fd1ebc6a931f112520fb13300f3b36c45cacb956f6045e6f388e5fb.exe
- Size
  
  441KB
- MD5
  
  90f9a62dc1145821e357c795501ab1b3
- SHA1
  
  4430b9ff2ffacceb182e2cacdea530abd0174166
- SHA256
  
  84c06f4b2fd1ebc6a931f112520fb13300f3b36c45cacb956f6045e6f388e5fb
- SHA512
  
  ed2943c5ad9152b810ee3fd2abae0aface3aba11257f1b1f88093e59d475ddd10733b20b547e879dadd288d7298424e6f8383bda2eef471701fad3b9ed4af37a
- SSDEEP
  
  6144:4b9KHnmm7C7MBeqLonYhFL9lx6k5dQFY6LxyGeYCl9:NfC11YT979j6Lxyj
Score

10^/10

evasion persistence ransomware
- Modifies WinLogon for persistence
  persistence
- Disables Task Manager via registry modification
  evasion
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

Tasks

static1

behavioral1

evasionpersistenceransomware

behavioral2

evasionpersistenceransomware