603e1f18fff33f5fcc99ebf195a5b0df5f7a3a6fc98a03e772a7da4993d737db | Triage

Sharing

General

Target

aa50a1e524059a4d184933850bc664a6752608a10ba1e876a4802542dc341033.zip
Size

682KB
Sample

221124-kzydhsfh3x
MD5

fecea0c22b3fc1a848902bcae0d16027
SHA1

a5fd3809a7640e4ec3bf7617fff3f70eaff1562b
SHA256

603e1f18fff33f5fcc99ebf195a5b0df5f7a3a6fc98a03e772a7da4993d737db
SHA512

0bc85d78c7d4f43ea2457a0ecb40be8b78f0d6d821474acec03d9e3d57429fef7b9a79275637e19d678b9655e6ae4bd9d1a3e72218300deecc940b62d6701379
SSDEEP

12288:bLL+aXlBblQg4+E68dyx2nTKq3vu3HmleiPWW7GzWRhzEMrEXqk2fB:bLDXlp6SE683uqWX5iPDOENZEcB

Score

8^/10

ransomware

Malware Config

Targets

- Target
  
  aa50a1e524059a4d184933850bc664a6752608a10ba1e876a4802542dc341033.exe
- Size
  
  1.1MB
- MD5
  
  42d5422b60e6b5e20e7aaf730a81cc87
- SHA1
  
  e4c5691422f8bb438cae51bdb4340e75efed9f8d
- SHA256
  
  aa50a1e524059a4d184933850bc664a6752608a10ba1e876a4802542dc341033
- SHA512
  
  2eac1dbd2a97dcd4b16e526536ea235553b848dc677a17463ae4ef4381e733e773bd0ac74cf84b89dcd30b56a18e312254c9f2ede6f871b0d1552ea889657f25
- SSDEEP
  
  24576:S7+J7TGhOa+9EuP9HxoXZoVeCe6TXjJpsB8jIy:S7a7TwOaexTz7sU
Score

8^/10

ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Deletes itself
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2