Overview

overview

10

Static

static

10

8d2c9a5891...61.exe

windows7-x64

9

8d2c9a5891...61.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8d2c9a58915d4889b93a09df0917a774309a3976cb555a8a850530433d714661

  • Size

    42KB

  • Sample

    221018-kc87hafba8

  • MD5

    4a542b3b4d9160019cc5a76a881f787f

  • SHA1

    87137f376a99baea1931fed024b76fc871590840

  • SHA256

    8d2c9a58915d4889b93a09df0917a774309a3976cb555a8a850530433d714661

  • SHA512

    2b20847fc0fa830c3190b9084cd43fe36cae279b0e4e06760b50e16714fbaef2a4eb9634f30acad96781266a7bba74f7190d93812e3a129a0ff04d14704e68e1

  • SSDEEP

    768:oO1oR/rVS1RzK4wbs+D/SIJX+ZZ1SQQwZuI6PzDf4rOcWNJLoYg:o5S1FKnDtkuIyjNJ8

Score
10/10
makopransomware

Malware Config

Targets

    • Target

      8d2c9a58915d4889b93a09df0917a774309a3976cb555a8a850530433d714661

    • Size

      42KB

    • MD5

      4a542b3b4d9160019cc5a76a881f787f

    • SHA1

      87137f376a99baea1931fed024b76fc871590840

    • SHA256

      8d2c9a58915d4889b93a09df0917a774309a3976cb555a8a850530433d714661

    • SHA512

      2b20847fc0fa830c3190b9084cd43fe36cae279b0e4e06760b50e16714fbaef2a4eb9634f30acad96781266a7bba74f7190d93812e3a129a0ff04d14704e68e1

    • SSDEEP

      768:oO1oR/rVS1RzK4wbs+D/SIJX+ZZ1SQQwZuI6PzDf4rOcWNJLoYg:o5S1FKnDtkuIyjNJ8

    Score
    10/10
    ransomware

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

      ransomware

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks