7dc9785958beadf1488dba68dc3a56048397e0c514e1ac8aab0761cec8c9d6ea | Triage

Sharing

General

Target

7dc9785958beadf1488dba68dc3a56048397e0c514e1ac8aab0761cec8c9d6ea
Size

554KB
Sample

221125-yegf6adg31
MD5

678bd5d6ad5a247547f59ad09bc5b86e
SHA1

52e94341b3a400ead9447157aaca3f61c6c1c901
SHA256

7dc9785958beadf1488dba68dc3a56048397e0c514e1ac8aab0761cec8c9d6ea
SHA512

000e39097e8dc18017a6190d583eb89c167d6ff723e682101877ac2ee0e28a50b141a8e65cbdbc2e1336ecdaac02a727ae31bd0a053d375273491e026fac2dfb
SSDEEP

12288:zQjLuRE4xKR72qKoe/ZWsYUxUKQzZZQZsqtOqE:kLueaKR72qKoe/EhdKYavE

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  7dc9785958beadf1488dba68dc3a56048397e0c514e1ac8aab0761cec8c9d6ea
- Size
  
  554KB
- MD5
  
  678bd5d6ad5a247547f59ad09bc5b86e
- SHA1
  
  52e94341b3a400ead9447157aaca3f61c6c1c901
- SHA256
  
  7dc9785958beadf1488dba68dc3a56048397e0c514e1ac8aab0761cec8c9d6ea
- SHA512
  
  000e39097e8dc18017a6190d583eb89c167d6ff723e682101877ac2ee0e28a50b141a8e65cbdbc2e1336ecdaac02a727ae31bd0a053d375273491e026fac2dfb
- SSDEEP
  
  12288:zQjLuRE4xKR72qKoe/ZWsYUxUKQzZZQZsqtOqE:kLueaKR72qKoe/EhdKYavE
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2