84046e063fdc746842bbe02d93755a382f5d9b63d447356e339c9a8657638f9b | Triage

Sharing

General

Target

84046e063fdc746842bbe02d93755a382f5d9b63d447356e339c9a8657638f9b
Size

227KB
Sample

221123-q4m18saf5y
MD5

784537bffca1e0549ff4930ad89a902e
SHA1

01e74c24987d4e1f428a4cc1c86c0fb42011e05d
SHA256

84046e063fdc746842bbe02d93755a382f5d9b63d447356e339c9a8657638f9b
SHA512

eee552a6fc4740fa5226d7930cb535053034fd662692ae659c1304697e0a1060ac48169bd7a6976455a7673c61fca428ad7cf1663c84a6c34f674de36160e938
SSDEEP

3072:o0aZPh6nCl3M4L7kYYbKyDQOssllC+oSTTVorWKkLKZ0QygbYof/pPjIpN85:o0YP0h4vYEOHCSoCKkLKUg8uprIv85

Score

9^/10

persistence ransomware

Malware Config

Targets

- Target
  
  84046e063fdc746842bbe02d93755a382f5d9b63d447356e339c9a8657638f9b
- Size
  
  227KB
- MD5
  
  784537bffca1e0549ff4930ad89a902e
- SHA1
  
  01e74c24987d4e1f428a4cc1c86c0fb42011e05d
- SHA256
  
  84046e063fdc746842bbe02d93755a382f5d9b63d447356e339c9a8657638f9b
- SHA512
  
  eee552a6fc4740fa5226d7930cb535053034fd662692ae659c1304697e0a1060ac48169bd7a6976455a7673c61fca428ad7cf1663c84a6c34f674de36160e938
- SSDEEP
  
  3072:o0aZPh6nCl3M4L7kYYbKyDQOssllC+oSTTVorWKkLKZ0QygbYof/pPjIpN85:o0YP0h4vYEOHCSoCKkLKUg8uprIv85
Score

9^/10

persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomware

behavioral2