92ec87d6555babcfcfce05d55c49c3281d0c43caa294877b47bd4953f0ded2b8 | Triage

Sharing

General

Target

92ec87d6555babcfcfce05d55c49c3281d0c43caa294877b47bd4953f0ded2b8
Size

307KB
Sample

221123-lty9ascc77
MD5

d4126f6c4121cc5156e2d0816d02eb61
SHA1

2b12e5c93a850f5bbddba900ae3441ea36486916
SHA256

92ec87d6555babcfcfce05d55c49c3281d0c43caa294877b47bd4953f0ded2b8
SHA512

a4d237d7705c25b7d7ad4172f232f7f8953d604be0743203d4279e1f994cb2ec1b0817b120b27e46888fc73318ff23acd296d5df46b6c50043d37d355305343b
SSDEEP

6144:R3Np0yls8l62y4bbfUbA4JVmcJ9+rmAZOkmgH3IWQHp:R3Np0Cs1743fAX/JGQs3IFHp

Score

9^/10

persistence ransomware

Malware Config

Targets

- Target
  
  92ec87d6555babcfcfce05d55c49c3281d0c43caa294877b47bd4953f0ded2b8
- Size
  
  307KB
- MD5
  
  d4126f6c4121cc5156e2d0816d02eb61
- SHA1
  
  2b12e5c93a850f5bbddba900ae3441ea36486916
- SHA256
  
  92ec87d6555babcfcfce05d55c49c3281d0c43caa294877b47bd4953f0ded2b8
- SHA512
  
  a4d237d7705c25b7d7ad4172f232f7f8953d604be0743203d4279e1f994cb2ec1b0817b120b27e46888fc73318ff23acd296d5df46b6c50043d37d355305343b
- SSDEEP
  
  6144:R3Np0yls8l62y4bbfUbA4JVmcJ9+rmAZOkmgH3IWQHp:R3Np0Cs1743fAX/JGQs3IFHp
Score

9^/10

persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomware

behavioral2