4ddcb90086a6e2e9717a35af358fdb9e2cb7a4fdb861dd83b8e1bdff7d14b912 | Triage

Sharing

General

Target

4ddcb90086a6e2e9717a35af358fdb9e2cb7a4fdb861dd83b8e1bdff7d14b912
Size

554KB
Sample

221125-l8h6madc9w
MD5

a4bb650a27719f16b8f659f330891663
SHA1

cc467e611100b7e6694136e1303aee0f402793b3
SHA256

4ddcb90086a6e2e9717a35af358fdb9e2cb7a4fdb861dd83b8e1bdff7d14b912
SHA512

93bbfc43612aa47a73a1afe598c3a0b8373dddc94e9672582e13824bd5c446b73edbabb60dca0a98fea95786aa98ed595eb5058069338e7e073b229d68ae2e74
SSDEEP

12288:YQjLuRE4xKR72qKoe/ZWsYUxUKQzZZQZsqtOqJ:nLueaKR72qKoe/EhdKYavJ

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  4ddcb90086a6e2e9717a35af358fdb9e2cb7a4fdb861dd83b8e1bdff7d14b912
- Size
  
  554KB
- MD5
  
  a4bb650a27719f16b8f659f330891663
- SHA1
  
  cc467e611100b7e6694136e1303aee0f402793b3
- SHA256
  
  4ddcb90086a6e2e9717a35af358fdb9e2cb7a4fdb861dd83b8e1bdff7d14b912
- SHA512
  
  93bbfc43612aa47a73a1afe598c3a0b8373dddc94e9672582e13824bd5c446b73edbabb60dca0a98fea95786aa98ed595eb5058069338e7e073b229d68ae2e74
- SSDEEP
  
  12288:YQjLuRE4xKR72qKoe/ZWsYUxUKQzZZQZsqtOqJ:nLueaKR72qKoe/EhdKYavJ
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2