c0cbd6339026f42a838278795dbf8fa5ac11d8f6fb751e50289847b01a736823 | Triage

Submit
Reports

Overview

overview

Static

static

3b910dce05...28.exe

windows7-x64

3b910dce05...28.exe

windows10-2004-x64

Sharing

General

Target

3b910dce05a7207cd1ad34af2b24e428
Size

388KB
Sample

221123-g67c8aha6y
MD5

3b910dce05a7207cd1ad34af2b24e428
SHA1

f3c01d2c305a1b3a737ad2b73c3ba22558fc94f7
SHA256

c0cbd6339026f42a838278795dbf8fa5ac11d8f6fb751e50289847b01a736823
SHA512

8683a976b8f376dee448e285fa396b333444af3164083e93b7ab86902a3ea79a9d241494f9e20112967d3fd35fa881279ffc071791fbf9c5581829bb75a04524
SSDEEP

6144:pOYGXaPNxdgSdcq2pVZPOJHAbKSXXIEmqF4fmq7k3ivPjVbdgZ/:1GqN/XdctpVtkiXXIEduOZij34

Score

10^/10

ransomware

Static task

static1

Behavioral task

behavioral1

Sample

3b910dce05a7207cd1ad34af2b24e428.exe

Resource

win7-20220901-en

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

3b910dce05a7207cd1ad34af2b24e428.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  3b910dce05a7207cd1ad34af2b24e428
- Size
  
  388KB
- MD5
  
  3b910dce05a7207cd1ad34af2b24e428
- SHA1
  
  f3c01d2c305a1b3a737ad2b73c3ba22558fc94f7
- SHA256
  
  c0cbd6339026f42a838278795dbf8fa5ac11d8f6fb751e50289847b01a736823
- SHA512
  
  8683a976b8f376dee448e285fa396b333444af3164083e93b7ab86902a3ea79a9d241494f9e20112967d3fd35fa881279ffc071791fbf9c5581829bb75a04524
- SSDEEP
  
  6144:pOYGXaPNxdgSdcq2pVZPOJHAbKSXXIEmqF4fmq7k3ivPjVbdgZ/:1GqN/XdctpVtkiXXIEduOZij34
Score

10^/10

ransomware
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy