cd9681cfe1ef76bf46c079e4de23b7ba72bce3929585fae08e0a62937e38d403 | Triage

Submit
Reports

Overview

overview

9

Static

static

cd9681cfe1...03.exe

windows7-x64

9

cd9681cfe1...03.exe

windows10-2004-x64

9

Sharing

General

Target

cd9681cfe1ef76bf46c079e4de23b7ba72bce3929585fae08e0a62937e38d403
Size

364KB
Sample

221123-wz42vadd52
MD5

54a2c676671f6ddbb2177bf8e890acd0
SHA1

884cfa603a2b4e79d6fe2f41d102e6b55ee2de59
SHA256

cd9681cfe1ef76bf46c079e4de23b7ba72bce3929585fae08e0a62937e38d403
SHA512

fab5630b95bd11cadaa2179f0add2946b2185d5594251762d2c00f5cd0f86877e3fe7a47b46b6172865aa30ffd743ea218b3b5584124dbd5e8dc7a6a7623f2c9
SSDEEP

6144:FC4m9hjy766vocAXRXi1s4dKNLGEbhSBr29lW7XczExw4Rqo:zm9hjR6A7hXEcNLtSBybW7cO7oo

Score

9^/10

persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

cd9681cfe1ef76bf46c079e4de23b7ba72bce3929585fae08e0a62937e38d403.exe

Resource

win7-20220901-en

persistence ransomware

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

cd9681cfe1ef76bf46c079e4de23b7ba72bce3929585fae08e0a62937e38d403.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  cd9681cfe1ef76bf46c079e4de23b7ba72bce3929585fae08e0a62937e38d403
- Size
  
  364KB
- MD5
  
  54a2c676671f6ddbb2177bf8e890acd0
- SHA1
  
  884cfa603a2b4e79d6fe2f41d102e6b55ee2de59
- SHA256
  
  cd9681cfe1ef76bf46c079e4de23b7ba72bce3929585fae08e0a62937e38d403
- SHA512
  
  fab5630b95bd11cadaa2179f0add2946b2185d5594251762d2c00f5cd0f86877e3fe7a47b46b6172865aa30ffd743ea218b3b5584124dbd5e8dc7a6a7623f2c9
- SSDEEP
  
  6144:FC4m9hjy766vocAXRXi1s4dKNLGEbhSBr29lW7XczExw4Rqo:zm9hjR6A7hXEcNLtSBybW7cO7oo
Score

9^/10

persistence ransomware
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomware

behavioral2

© 2018-2024

Terms | Privacy