e4ea72a1de2c5e1388cb35eee6beffdae4e06f9fe08f9aca04ad6350e32e338a | Triage

Sharing

General

Target

e4ea72a1de2c5e1388cb35eee6beffdae4e06f9fe08f9aca04ad6350e32e338a
Size

468KB
Sample

221124-pkby7adb54
MD5

48e5a248e84d3f9ca932c3d2aeee820b
SHA1

faf92d3340613a28c16e09a333bfbc51637bb7be
SHA256

e4ea72a1de2c5e1388cb35eee6beffdae4e06f9fe08f9aca04ad6350e32e338a
SHA512

571b92d2309fe3e4ecb9d1a85d45d631b7384fcc8051ca3100f1e6fd0d3cda4de71381f366b248ed2959c304152c2664382f1f6506f613fa08981a198ed9bd7e
SSDEEP

12288:l6UZbz+f5GEfSxPblS876KWMor1jRehXBrcKwyYh:bhz+1f+UhCX12

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  e4ea72a1de2c5e1388cb35eee6beffdae4e06f9fe08f9aca04ad6350e32e338a
- Size
  
  468KB
- MD5
  
  48e5a248e84d3f9ca932c3d2aeee820b
- SHA1
  
  faf92d3340613a28c16e09a333bfbc51637bb7be
- SHA256
  
  e4ea72a1de2c5e1388cb35eee6beffdae4e06f9fe08f9aca04ad6350e32e338a
- SHA512
  
  571b92d2309fe3e4ecb9d1a85d45d631b7384fcc8051ca3100f1e6fd0d3cda4de71381f366b248ed2959c304152c2664382f1f6506f613fa08981a198ed9bd7e
- SSDEEP
  
  12288:l6UZbz+f5GEfSxPblS876KWMor1jRehXBrcKwyYh:bhz+1f+UhCX12
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2