aa2adc21b1b4361db2e18c6d3d56c15d45b08fb51a915bc208acf2d9debe1966 | Triage

Sharing

General

Target

aa2adc21b1b4361db2e18c6d3d56c15d45b08fb51a915bc208acf2d9debe1966
Size

162KB
Sample

221122-wvxf7sga3t
MD5

ad32fe37755ed1fe8ef0e5b031895585
SHA1

df9b68dadc58806e01c8737e176e3cfeea0f7302
SHA256

aa2adc21b1b4361db2e18c6d3d56c15d45b08fb51a915bc208acf2d9debe1966
SHA512

81e5bf0bc15e1c8c1feeba387f95e08e7caa444c0ec9fc015340cd043019b6b1df61cf5609a7e01697c5adddec0ec9fb6395fe742f25268cf1d9ece399c079f5
SSDEEP

3072:jBRbl8oVySdHE6prM9noBFTh9BVzJV9FGmIrqEik5Rb:jTbBg6KOl1JfFGmC5Rb

Score

9^/10

persistence ransomware

Malware Config

Targets

- Target
  
  aa2adc21b1b4361db2e18c6d3d56c15d45b08fb51a915bc208acf2d9debe1966
- Size
  
  162KB
- MD5
  
  ad32fe37755ed1fe8ef0e5b031895585
- SHA1
  
  df9b68dadc58806e01c8737e176e3cfeea0f7302
- SHA256
  
  aa2adc21b1b4361db2e18c6d3d56c15d45b08fb51a915bc208acf2d9debe1966
- SHA512
  
  81e5bf0bc15e1c8c1feeba387f95e08e7caa444c0ec9fc015340cd043019b6b1df61cf5609a7e01697c5adddec0ec9fb6395fe742f25268cf1d9ece399c079f5
- SSDEEP
  
  3072:jBRbl8oVySdHE6prM9noBFTh9BVzJV9FGmIrqEik5Rb:jTbBg6KOl1JfFGmC5Rb
Score

9^/10

persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomware

behavioral2