Overview

overview

9

Static

static

Processing...__.exe

windows7-x64

9

Processing...__.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ff3556a2c19248947db3628a4d630df05cc88e2e57189537704e39db7be81463

  • Size

    295KB

  • Sample

    221124-my2qnace8v

  • MD5

    4c9e3d4c4bd2e3a960489500f658acca

  • SHA1

    5c3385ef5dbf3cf07c834f64a2930778748e5230

  • SHA256

    ff3556a2c19248947db3628a4d630df05cc88e2e57189537704e39db7be81463

  • SHA512

    143e67bc16ce26570cf7e7fee3f70a140621c9b272ead1a2358a72553c170dd765d15670ded68c717c0108c00b0e41dc3649c5c3ab91ccff0f09d6c6bc62e470

  • SSDEEP

    6144:wtMsLvfku4J/5S71EMjCa/9zq0+pBQphUl6Z/MADKn:wtB3TZOalzq0+jQjUCEADS

Score
9/10
collectionevasionpersistenceransomwaretrojan

Malware Config

Targets

    • Target

      Processing.Pdf____________________________________________________________.exe

    • Size

      494KB

    • MD5

      cb607388d6b05dcf0d77fd06f563511d

    • SHA1

      85717a638f5a3cc62b2f5e25897fcee997f35070

    • SHA256

      8a375f861957b7effcda03ba43720d5bc14eeea97a33475a78b904714283d04e

    • SHA512

      3bc8cd97bad6c38711eb67ff88b7cc158d991677a0a07d3efb73837d43eaa7bdbd7fb96d2f5a225f5a4fc39cc1aa2a2c6cd4091d201da79cb7be98fd459c246a

    • SSDEEP

      6144:+7imLFJzjEIl1qcQL7twzWuWFyvgI/EhlRlI8tEUauf+zT3:6RljEIXZ6uaUgF3RllT+zT3

    Score
    9/10
    collectionevasionpersistenceransomwaretrojan

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

File Deletion

2
T1107

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

2
T1114

Exfiltration

Command and Control

Impact

Inhibit System Recovery

2
T1490

Tasks