74d07337cec35ca672823d303dd95e0a87ee57532af56652c0e125fba29b4832 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

HEUR-Trojan-Ransom.MSIL.Encoder.gen-74d07337cec35ca672823d303dd95e0a87ee57532af56652c0e125fba29b4832.exe
Size

67KB
Sample

220929-pthhbsagf9
MD5

eb8cffd6160a1a5152ab7be7ffeedf2e
SHA1

f30aae38e3e83250a87df72ca5c1ad390cf29bd5
SHA256

74d07337cec35ca672823d303dd95e0a87ee57532af56652c0e125fba29b4832
SHA512

109091c15df5ca64a4e92a75f5a883fa9c414f85754219931d08aeaa213661902dd88b169b0430ca134a2174f73051f8a3edbbd73c38905643c181ddc87a943b
SSDEEP

1536:q5J6iSz7Z5CylqKNxIFibOw7JKQpwVcl:ygiS/XCtKNxIFibOw7JdpqY

Score

10^/10

persistence ransomware

Malware Config

Targets

- Target
  
  HEUR-Trojan-Ransom.MSIL.Encoder.gen-74d07337cec35ca672823d303dd95e0a87ee57532af56652c0e125fba29b4832.exe
- Size
  
  67KB
- MD5
  
  eb8cffd6160a1a5152ab7be7ffeedf2e
- SHA1
  
  f30aae38e3e83250a87df72ca5c1ad390cf29bd5
- SHA256
  
  74d07337cec35ca672823d303dd95e0a87ee57532af56652c0e125fba29b4832
- SHA512
  
  109091c15df5ca64a4e92a75f5a883fa9c414f85754219931d08aeaa213661902dd88b169b0430ca134a2174f73051f8a3edbbd73c38905643c181ddc87a943b
- SSDEEP
  
  1536:q5J6iSz7Z5CylqKNxIFibOw7JKQpwVcl:ygiS/XCtKNxIFibOw7JdpqY
Score

10^/10

persistence ransomware
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

persistenceransomware

behavioral2

persistenceransomware