Resubmissions

  Date              Analysis ID         Score
  25-10-2022 00:57  221025-ba2vzabbel   9
  19-10-2022 05:41  221019-gdw2saegg3   1
  19-10-2022 05:38  221019-gb4c3segf5   1
  19-10-2022 05:36  221019-ganw1aegf3   1
  19-10-2022 05:34  221019-f9raqsfdbr   8
  19-10-2022 05:29  221019-f6qj2aegd4   8
  19-10-2022 05:28  221019-f6b2msegd3   6
  19-10-2022 05:26  221019-f45wyafchq   6
  19-10-2022 05:10  221019-ftnjxafcen   9
  19-10-2022 04:53  221019-fh358aefg9   8

General

  • Target

    http://we.tl/t-ZRlwhHea1p

  • Sample

    221019-ftnjxafcen

Malware Config

Targets

  • Target

    http://we.tl/t-ZRlwhHea1p

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

  • Downloads MZ/PE file

  • Drops file in Drivers directory

  • Executes dropped EXE

  • Modifies Windows Firewall

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

  • Checks computer location settings

    Looks up the country code configured in the registry, likely a geofence.

  • Loads dropped DLL

  • Adds Run key to start application

  • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v6

Tasks