makop | 9385c94181cda268839695c6b7adf6afd3218a44be5e31fa11eac8cee54f6db9 | Triage

Submit
Reports

Overview

overview

Static

static

9385c94181...b9.exe

windows7-x64

8

9385c94181...b9.exe

windows10-2004-x64

Sharing

General

Target

9385c94181cda268839695c6b7adf6afd3218a44be5e31fa11eac8cee54f6db9
Size

21KB
Sample

221107-wpfw9sddhn
MD5

ef8fe9e54b324a7b8c52dd55970c3eee
SHA1

08c2d71489f6e203d9281904e933a797d5822463
SHA256

9385c94181cda268839695c6b7adf6afd3218a44be5e31fa11eac8cee54f6db9
SHA512

a0ed1ff57f275c58626de37a1709957d46e4199bd113e98b405026456d45af8bc658724d185a88614a6cd5fa3092e32ae89a9400de6ca6a4713cdbb90ea21132
SSDEEP

384:7rwgu4oJuTJj+XZ9Y9qkyUI07jn6qq9fUaIfqfxWkqxrF6ZlvH38R0V:HaJU+Je9Lwjn9fU7q55AQDHr

Score

10^/10

makop evasion persistence ransomware upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

9385c94181cda268839695c6b7adf6afd3218a44be5e31fa11eac8cee54f6db9.exe

Resource

win7-20220901-en

persistence upx

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

9385c94181cda268839695c6b7adf6afd3218a44be5e31fa11eac8cee54f6db9.exe

Resource

win10v2004-20220812-en

evasion persistence ransomware upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  9385c94181cda268839695c6b7adf6afd3218a44be5e31fa11eac8cee54f6db9
- Size
  
  21KB
- MD5
  
  ef8fe9e54b324a7b8c52dd55970c3eee
- SHA1
  
  08c2d71489f6e203d9281904e933a797d5822463
- SHA256
  
  9385c94181cda268839695c6b7adf6afd3218a44be5e31fa11eac8cee54f6db9
- SHA512
  
  a0ed1ff57f275c58626de37a1709957d46e4199bd113e98b405026456d45af8bc658724d185a88614a6cd5fa3092e32ae89a9400de6ca6a4713cdbb90ea21132
- SSDEEP
  
  384:7rwgu4oJuTJj+XZ9Y9qkyUI07jn6qq9fUaIfqfxWkqxrF6ZlvH38R0V:HaJU+Je9Lwjn9fU7q55AQDHr
Score

10^/10

persistence upx evasion ransomware
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Deletes backup catalog
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

behavioral2

evasionpersistenceransomwareupx

© 2018-2024

Terms | Privacy