Overview

overview

9

Static

static

63a307b710...77.exe

windows7-x64

9

63a307b710...77.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    63a307b7108aae9b85749f1682c69f28921f01cff3065874733c0cb1a64ee777

  • Size

    284KB

  • Sample

    221123-vj3cmscb4y

  • MD5

    a2519feab5a5a08d1e132cb746a75d1c

  • SHA1

    7458bd587744f683e0ab05d1818ddb496c4181bb

  • SHA256

    63a307b7108aae9b85749f1682c69f28921f01cff3065874733c0cb1a64ee777

  • SHA512

    aae6b6827438e0ec2c1b337da6344d4f03722acbccc8e34dbc062bbc04615cda64bcdbcbda474796a56a4ccaf465965ee176546a9a8a063ccc4c89ca6570ff38

  • SSDEEP

    6144:JGwxeg9ZBxx6Eimh6wiLFojVIeTQF+2igrr3LmYjVZ1S:JH5xx+mh6zLiPgHLmEVLS

Score
9/10
persistenceransomware

Malware Config

Targets

    • Target

      63a307b7108aae9b85749f1682c69f28921f01cff3065874733c0cb1a64ee777

    • Size

      284KB

    • MD5

      a2519feab5a5a08d1e132cb746a75d1c

    • SHA1

      7458bd587744f683e0ab05d1818ddb496c4181bb

    • SHA256

      63a307b7108aae9b85749f1682c69f28921f01cff3065874733c0cb1a64ee777

    • SHA512

      aae6b6827438e0ec2c1b337da6344d4f03722acbccc8e34dbc062bbc04615cda64bcdbcbda474796a56a4ccaf465965ee176546a9a8a063ccc4c89ca6570ff38

    • SSDEEP

      6144:JGwxeg9ZBxx6Eimh6wiLFojVIeTQF+2igrr3LmYjVZ1S:JH5xx+mh6zLiPgHLmEVLS

    Score
    9/10
    ransomwarepersistence

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Drops startup file

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks