72a314bf4d11e2b688d49677b0e742182bce29d5e0171659b8264985b4a683ac | Triage

Sharing

General

Target

72a314bf4d11e2b688d49677b0e742182bce29d5e0171659b8264985b4a683ac
Size

462KB
Sample

221124-epe7asgb43
MD5

9790f907d4e8ba245862cecd1a2d1343
SHA1

7b9d53a402cf90729f8becefda6b3de087c14c0d
SHA256

72a314bf4d11e2b688d49677b0e742182bce29d5e0171659b8264985b4a683ac
SHA512

b052b891f60cb75b76331b56ffc2608be58e625a1c88209bf87d664766f922d02afdf3a8f54060c4414d61126c80686da435cc7fb37396c10f9827470bec9462
SSDEEP

12288:sBIETUWRJUHDqee5zicsNNFoAwMV1O8oxZbDKzjIEyjJ:chTUC2tcziceNFE8oPDKHIEyjJ

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  72a314bf4d11e2b688d49677b0e742182bce29d5e0171659b8264985b4a683ac
- Size
  
  462KB
- MD5
  
  9790f907d4e8ba245862cecd1a2d1343
- SHA1
  
  7b9d53a402cf90729f8becefda6b3de087c14c0d
- SHA256
  
  72a314bf4d11e2b688d49677b0e742182bce29d5e0171659b8264985b4a683ac
- SHA512
  
  b052b891f60cb75b76331b56ffc2608be58e625a1c88209bf87d664766f922d02afdf3a8f54060c4414d61126c80686da435cc7fb37396c10f9827470bec9462
- SSDEEP
  
  12288:sBIETUWRJUHDqee5zicsNNFoAwMV1O8oxZbDKzjIEyjJ:chTUC2tcziceNFE8oPDKHIEyjJ
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2