dharma | d35ed5f0fb9669c103d47f70ad00aee318030952bb0c5af88da9680ad40c4967 | Triage

Submit
Reports

Overview

overview

Static

static

d35ed5f0fb...67.exe

windows7-x64

d35ed5f0fb...67.exe

windows10-2004-x64

1

Sharing

General

Target

d35ed5f0fb9669c103d47f70ad00aee318030952bb0c5af88da9680ad40c4967
Size

346KB
Sample

221023-asgr3sffcn
MD5

1ddc755d08a1817dd500b4135acb530b
SHA1

fde8d8506e6c121e4a7c7944f6369e608f77aa08
SHA256

d35ed5f0fb9669c103d47f70ad00aee318030952bb0c5af88da9680ad40c4967
SHA512

7de5811fecd7629a3f738afe704763185dab2c4afe19da40121748debe3f87db25d07287fb081d83bbbc6b98e1a2c3f8ee9006b507c148abf4bd4f667a56470a
SSDEEP

6144:YrhM4eG+kPsgzC4eS2h4ayNWLSrcs6rGAiN7h:YUhk0g5eS7ASL6rQv

Score

10^/10

dharma persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

d35ed5f0fb9669c103d47f70ad00aee318030952bb0c5af88da9680ad40c4967.exe

Resource

win7-20220812-en

dharma persistence ransomware

windows7-x64

12 signatures

10 seconds

Behavioral task

behavioral2

Sample

d35ed5f0fb9669c103d47f70ad00aee318030952bb0c5af88da9680ad40c4967.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

10 seconds

Malware Config

Targets

- Target
  
  d35ed5f0fb9669c103d47f70ad00aee318030952bb0c5af88da9680ad40c4967
- Size
  
  346KB
- MD5
  
  1ddc755d08a1817dd500b4135acb530b
- SHA1
  
  fde8d8506e6c121e4a7c7944f6369e608f77aa08
- SHA256
  
  d35ed5f0fb9669c103d47f70ad00aee318030952bb0c5af88da9680ad40c4967
- SHA512
  
  7de5811fecd7629a3f738afe704763185dab2c4afe19da40121748debe3f87db25d07287fb081d83bbbc6b98e1a2c3f8ee9006b507c148abf4bd4f667a56470a
- SSDEEP
  
  6144:YrhM4eG+kPsgzC4eS2h4ayNWLSrcs6rGAiN7h:YUhk0g5eS7ASL6rQv
Score

10^/10

dharma persistence ransomware
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
  ransomware dharma
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

dharmapersistenceransomware

behavioral2

© 2018-2024

Terms | Privacy