7d4c453cba27d76f0667106e672e633d79f8b5534514f9693b9af55db7f87484 | Triage

Sharing

General

Target

7d4c453cba27d76f0667106e672e633d79f8b5534514f9693b9af55db7f87484
Size

484KB
Sample

221124-afmgssec69
MD5

a4cea260c512dde09d9166744e42aba0
SHA1

4f0f80519e424c56db49e6287d92af29812f5791
SHA256

7d4c453cba27d76f0667106e672e633d79f8b5534514f9693b9af55db7f87484
SHA512

75e48912c45b43bd676e89a888add97b2f8cd6b899c9de7268bb052e7288b8157cf6d711562ad4fe59433d52c1f1c46cd2c0f9e7cb427c8f4bc4ef843dd643b4
SSDEEP

12288:e9X1qM8a3ozY5lVuFVCttcO1AcXMP7gzw:EL7o4QFVWtcO6Hgzw

Score

9^/10

evasion persistence ransomware

Malware Config

Targets

- Target
  
  7d4c453cba27d76f0667106e672e633d79f8b5534514f9693b9af55db7f87484
- Size
  
  484KB
- MD5
  
  a4cea260c512dde09d9166744e42aba0
- SHA1
  
  4f0f80519e424c56db49e6287d92af29812f5791
- SHA256
  
  7d4c453cba27d76f0667106e672e633d79f8b5534514f9693b9af55db7f87484
- SHA512
  
  75e48912c45b43bd676e89a888add97b2f8cd6b899c9de7268bb052e7288b8157cf6d711562ad4fe59433d52c1f1c46cd2c0f9e7cb427c8f4bc4ef843dd643b4
- SSDEEP
  
  12288:e9X1qM8a3ozY5lVuFVCttcO1AcXMP7gzw:EL7o4QFVWtcO6Hgzw
Score

9^/10

evasion persistence ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Drops file in Drivers directory
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomware

behavioral2