46d55c0f9b4a86890ce08b736be10a8e79bccd552b7e8c3ba8ea7da17dccfb29 | Triage

Sharing

General

Target

46d55c0f9b4a86890ce08b736be10a8e79bccd552b7e8c3ba8ea7da17dccfb29
Size

158KB
Sample

221123-rsar7shd45
MD5

34926506fefc6f5ebace4672d93af6ba
SHA1

4afaa8fe82b71906acf06cb2d7e52de160df2e85
SHA256

46d55c0f9b4a86890ce08b736be10a8e79bccd552b7e8c3ba8ea7da17dccfb29
SHA512

cd600ea51963756703a7c438c0d8c2d4adc06d5dd5d4521baea6335f8e8c5ca9c1b6f66d6c7ae0d24d7d9c841588944fadf23375555368422f50adf6527baac5
SSDEEP

3072:FZefcXfiFuibp8/6im+9eJAtp2Ll7JvAGk2ck:FZeEXfiLpAmAtpWMzk

Score

7^/10

persistence ransomware

Malware Config

Targets

- Target
  
  46d55c0f9b4a86890ce08b736be10a8e79bccd552b7e8c3ba8ea7da17dccfb29
- Size
  
  158KB
- MD5
  
  34926506fefc6f5ebace4672d93af6ba
- SHA1
  
  4afaa8fe82b71906acf06cb2d7e52de160df2e85
- SHA256
  
  46d55c0f9b4a86890ce08b736be10a8e79bccd552b7e8c3ba8ea7da17dccfb29
- SHA512
  
  cd600ea51963756703a7c438c0d8c2d4adc06d5dd5d4521baea6335f8e8c5ca9c1b6f66d6c7ae0d24d7d9c841588944fadf23375555368422f50adf6527baac5
- SSDEEP
  
  3072:FZefcXfiFuibp8/6im+9eJAtp2Ll7JvAGk2ck:FZeEXfiLpAmAtpWMzk
Score

7^/10

persistence ransomware
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

Tasks

static1

behavioral1

persistenceransomware

behavioral2

persistenceransomware