d63a2b5d1008c22d7ad41dbb6f1e31b3447f720bc2740dd0ec4df9b41d023e88 | Triage

Sharing

General

Target

d63a2b5d1008c22d7ad41dbb6f1e31b3447f720bc2740dd0ec4df9b41d023e88
Size

484KB
Sample

221122-whlh6sca29
MD5

13ffce8662080c941703c4cf419d6344
SHA1

61fc1a13276febbdfe8ec708ebcd25aea28d5a9f
SHA256

d63a2b5d1008c22d7ad41dbb6f1e31b3447f720bc2740dd0ec4df9b41d023e88
SHA512

445ececa5903c6f07d02997cb72db5d87ae828f5b03751a8112781d1f3ec3ce4c4d2de5a6bbba09ad86e24b5400c145bdb535892f07a148d097692f16b48eb9a
SSDEEP

12288:bMz65QZEomA/fOdveGWeMK2p/VEGbvdVCR8vfy7uv:ozyGP7fOZPWew/VEGZVC6R

Score

9^/10

evasion persistence ransomware

Malware Config

Targets

- Target
  
  d63a2b5d1008c22d7ad41dbb6f1e31b3447f720bc2740dd0ec4df9b41d023e88
- Size
  
  484KB
- MD5
  
  13ffce8662080c941703c4cf419d6344
- SHA1
  
  61fc1a13276febbdfe8ec708ebcd25aea28d5a9f
- SHA256
  
  d63a2b5d1008c22d7ad41dbb6f1e31b3447f720bc2740dd0ec4df9b41d023e88
- SHA512
  
  445ececa5903c6f07d02997cb72db5d87ae828f5b03751a8112781d1f3ec3ce4c4d2de5a6bbba09ad86e24b5400c145bdb535892f07a148d097692f16b48eb9a
- SSDEEP
  
  12288:bMz65QZEomA/fOdveGWeMK2p/VEGbvdVCR8vfy7uv:ozyGP7fOZPWew/VEGZVC6R
Score

9^/10

evasion persistence ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Drops file in Drivers directory
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomware

behavioral2