9ad63be89938c8fc3a1bd9aa99d02b524e90b6927eeb7cbcfe8a0c59e5431a01 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

HEUR-Trojan-Ransom.MSIL.Encoder.gen-9ad63be89938c8fc3a1bd9aa99d02b524e90b6927eeb7cbcfe8a0c59e5431a01.exe
Size

141KB
Sample

220929-pths4abhap
MD5

094f263b6822d0188bc6a8b615ff5072
SHA1

accf72fb4a0a8ffe0949ff5671c6fb08ebf22be7
SHA256

9ad63be89938c8fc3a1bd9aa99d02b524e90b6927eeb7cbcfe8a0c59e5431a01
SHA512

7474ac562358176ac23640ff93c11b1bf3cb7f2b2c96b3837c150446ec2cd4f00d828fdfdab1f92ab271993ae82b1d5adaf9af7f272fa0d71598e34bd2d70b6f
SSDEEP

1536:PcjW/pEJJ4QjUho9JdZ582DOcocl9wVcl:0S/mJJPEo9JdZ5rDOvI9qY

Score

10^/10

evasion persistence ransomware

Malware Config

Targets

- Target
  
  HEUR-Trojan-Ransom.MSIL.Encoder.gen-9ad63be89938c8fc3a1bd9aa99d02b524e90b6927eeb7cbcfe8a0c59e5431a01.exe
- Size
  
  141KB
- MD5
  
  094f263b6822d0188bc6a8b615ff5072
- SHA1
  
  accf72fb4a0a8ffe0949ff5671c6fb08ebf22be7
- SHA256
  
  9ad63be89938c8fc3a1bd9aa99d02b524e90b6927eeb7cbcfe8a0c59e5431a01
- SHA512
  
  7474ac562358176ac23640ff93c11b1bf3cb7f2b2c96b3837c150446ec2cd4f00d828fdfdab1f92ab271993ae82b1d5adaf9af7f272fa0d71598e34bd2d70b6f
- SSDEEP
  
  1536:PcjW/pEJJ4QjUho9JdZ582DOcocl9wVcl:0S/mJJPEo9JdZ5rDOvI9qY
Score

10^/10

evasion persistence ransomware
- Modifies WinLogon for persistence
  persistence
- Disables Task Manager via registry modification
  evasion
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

evasionpersistenceransomware

behavioral2

evasionpersistenceransomware