c7e282af963cab2297a4c0d14ed91c8121a1fb0c663c5e681b12bddd245c7b30 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c7e282af963cab2297a4c0d14ed91c8121a1fb0c663c5e681b12bddd245c7b30
Size

431KB
Sample

221011-x7479abfaq
MD5

1b4149c637c925082ee78dfdfd322210
SHA1

972515af63c02ec38feff8454ab3e42c5c2bbfa6
SHA256

c7e282af963cab2297a4c0d14ed91c8121a1fb0c663c5e681b12bddd245c7b30
SHA512

9eb4050da55c41b47520a6d5a37279bd1bb138ce838e29f5b62c76623a2b3fe29b6d1509afcafbdb5c80e56d8da72667cea5a3fbea5817b281436ff43bbcb2a2
SSDEEP

12288:F31EFHSleoOld3e3tjTdl/ITRDcr3clycTh:1B0oOld3KT+Dtl31

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  c7e282af963cab2297a4c0d14ed91c8121a1fb0c663c5e681b12bddd245c7b30
- Size
  
  431KB
- MD5
  
  1b4149c637c925082ee78dfdfd322210
- SHA1
  
  972515af63c02ec38feff8454ab3e42c5c2bbfa6
- SHA256
  
  c7e282af963cab2297a4c0d14ed91c8121a1fb0c663c5e681b12bddd245c7b30
- SHA512
  
  9eb4050da55c41b47520a6d5a37279bd1bb138ce838e29f5b62c76623a2b3fe29b6d1509afcafbdb5c80e56d8da72667cea5a3fbea5817b281436ff43bbcb2a2
- SSDEEP
  
  12288:F31EFHSleoOld3e3tjTdl/ITRDcr3clycTh:1B0oOld3KT+Dtl31
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2

evasionpersistenceransomwaretrojan