Overview

overview

10

Static

static

10

1ec3690694...08.exe

windows7-x64

9

1ec3690694...08.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1ec36906942f364c760a7d1704faaa3dfcd7d52bcd1678e8c7a2c434ca785808

  • Size

    42KB

  • Sample

    221020-j5rx9adacl

  • MD5

    ce36475e41157b1187801d6b663ab744

  • SHA1

    70a4c1e77ab8c2de2cdf928dabd7fedfbd7a41c4

  • SHA256

    1ec36906942f364c760a7d1704faaa3dfcd7d52bcd1678e8c7a2c434ca785808

  • SHA512

    1526d76a12e6cb98630d711752281068daa9188d7aaccaf3049d28fc4b18a24eb6a81c161d616273b7e4deefa24f5481b8e4ff58a6c8491737763fc9e21bb521

  • SSDEEP

    768:PO1oR/rVS1RzK4wbs+D/SIJX+ZZ1SQQwZuIOPzD04rOcWNJLoYg:P5S1FKnDtkuImKNJ8

Score
10/10
makopransomware

Malware Config

Targets

    • Target

      1ec36906942f364c760a7d1704faaa3dfcd7d52bcd1678e8c7a2c434ca785808

    • Size

      42KB

    • MD5

      ce36475e41157b1187801d6b663ab744

    • SHA1

      70a4c1e77ab8c2de2cdf928dabd7fedfbd7a41c4

    • SHA256

      1ec36906942f364c760a7d1704faaa3dfcd7d52bcd1678e8c7a2c434ca785808

    • SHA512

      1526d76a12e6cb98630d711752281068daa9188d7aaccaf3049d28fc4b18a24eb6a81c161d616273b7e4deefa24f5481b8e4ff58a6c8491737763fc9e21bb521

    • SSDEEP

      768:PO1oR/rVS1RzK4wbs+D/SIJX+ZZ1SQQwZuIOPzD04rOcWNJLoYg:P5S1FKnDtkuImKNJ8

    Score
    10/10
    ransomware

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

      ransomware

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks