7a3cd98c65716349dec157732c0fc20d3de989ca3963081e0f9bf3395ce5180a | Triage

Sharing

General

Target

Trojan-Ransom.Win32.Blocker.jckb-7a3cd98c65716349dec157732c0fc20d3de989ca3963081e0f9bf3395ce5180a
Size

14KB
Sample

221107-g6tr5aeefp
MD5

331add07bd368ff7f40f722a1b86c18c
SHA1

02b1b1faca8d7a3e16bb204710e1dc1f48a2db70
SHA256

7a3cd98c65716349dec157732c0fc20d3de989ca3963081e0f9bf3395ce5180a
SHA512

6204a7fc7ac4382f5b5ac358e3ed1c66361ad8b5c6f07bb35a1b5c402df0452088e37ddd42662c676f49667396840fc330104c38540e51a80c0d182235fe6883
SSDEEP

384:3AHFMtzdh88K+WoSm4QxIgVDDuFQPqhVcILKle380:QluxWZQxI6DDue4B3

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  Trojan-Ransom.Win32.Blocker.jckb-7a3cd98c65716349dec157732c0fc20d3de989ca3963081e0f9bf3395ce5180a
- Size
  
  14KB
- MD5
  
  331add07bd368ff7f40f722a1b86c18c
- SHA1
  
  02b1b1faca8d7a3e16bb204710e1dc1f48a2db70
- SHA256
  
  7a3cd98c65716349dec157732c0fc20d3de989ca3963081e0f9bf3395ce5180a
- SHA512
  
  6204a7fc7ac4382f5b5ac358e3ed1c66361ad8b5c6f07bb35a1b5c402df0452088e37ddd42662c676f49667396840fc330104c38540e51a80c0d182235fe6883
- SSDEEP
  
  384:3AHFMtzdh88K+WoSm4QxIgVDDuFQPqhVcILKle380:QluxWZQxI6DDue4B3
Score

10^/10

evasion persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Disables RegEdit via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence