5a4b59886e1720839a0731967c000e239cddd5220c3a82d54e326e4b3ca78eef | Triage

Submit
Reports

Overview

overview

9

Static

static

5a4b59886e...ef.exe

windows7-x64

9

5a4b59886e...ef.exe

windows10-2004-x64

7

Sharing

General

Target

5a4b59886e1720839a0731967c000e239cddd5220c3a82d54e326e4b3ca78eef
Size

244KB
Sample

221124-jnammscf2t
MD5

b725067c7926e8a3268d2fabfcad7b4e
SHA1

2518fb688bec920f49e6b20144dc385866a2a70c
SHA256

5a4b59886e1720839a0731967c000e239cddd5220c3a82d54e326e4b3ca78eef
SHA512

41a2631b82f007cfca0e50904ff288995c202583c0da99df94cf840f5f3b8b6cb332e17cd95ce737f4379074e60250932b5c61d39cb37d829003915c538f908c
SSDEEP

6144:zKsiUOlPoYuvIPXCJ7/r32Ay1BJWCTVTAmk:zx8QYuOCp2Ay/dK

Score

9^/10

persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

5a4b59886e1720839a0731967c000e239cddd5220c3a82d54e326e4b3ca78eef.exe

Resource

win7-20221111-en

persistence ransomware

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

5a4b59886e1720839a0731967c000e239cddd5220c3a82d54e326e4b3ca78eef.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  5a4b59886e1720839a0731967c000e239cddd5220c3a82d54e326e4b3ca78eef
- Size
  
  244KB
- MD5
  
  b725067c7926e8a3268d2fabfcad7b4e
- SHA1
  
  2518fb688bec920f49e6b20144dc385866a2a70c
- SHA256
  
  5a4b59886e1720839a0731967c000e239cddd5220c3a82d54e326e4b3ca78eef
- SHA512
  
  41a2631b82f007cfca0e50904ff288995c202583c0da99df94cf840f5f3b8b6cb332e17cd95ce737f4379074e60250932b5c61d39cb37d829003915c538f908c
- SSDEEP
  
  6144:zKsiUOlPoYuvIPXCJ7/r32Ay1BJWCTVTAmk:zx8QYuOCp2Ay/dK
Score

9^/10

persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

persistenceransomware

behavioral2

© 2018-2024

Terms | Privacy