db7c08150b88cd89584356b38c9e8ad7c05df50184b3ad76b938757a7b2f3beb | Triage

Submit
Reports

Overview

overview

Static

static

db7c08150b...eb.exe

windows7-x64

db7c08150b...eb.exe

windows10-2004-x64

Sharing

General

Target

db7c08150b88cd89584356b38c9e8ad7c05df50184b3ad76b938757a7b2f3beb
Size

31KB
Sample

221126-erznqabb65
MD5

ee53b422d70c28deaa09cee30775b554
SHA1

fe98afd2217238056038959762556b95a8a6ddf7
SHA256

db7c08150b88cd89584356b38c9e8ad7c05df50184b3ad76b938757a7b2f3beb
SHA512

801105aa21306aa51d9a35d108b1409a7e8b8277ddf9b99a399c86a5fceb19b81836c6a95a3ac74b6724de3072b62221df191a9e4bed4ca0633720e42935f182
SSDEEP

768:Vzt7u1jjS6B129GNmjd12HxhGGRrQ/+LUINtInbYCDOdw:VJ7uVhm92E+xhzQGwU0D

Score

10^/10

evasion persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

db7c08150b88cd89584356b38c9e8ad7c05df50184b3ad76b938757a7b2f3beb.exe

Resource

win7-20220812-en

evasion persistence ransomware

windows7-x64

28 signatures

150 seconds

Behavioral task

behavioral2

Sample

db7c08150b88cd89584356b38c9e8ad7c05df50184b3ad76b938757a7b2f3beb.exe

Resource

win10v2004-20220812-en

evasion persistence ransomware

windows10-2004-x64

28 signatures

150 seconds

Malware Config

Targets

- Target
  
  db7c08150b88cd89584356b38c9e8ad7c05df50184b3ad76b938757a7b2f3beb
- Size
  
  31KB
- MD5
  
  ee53b422d70c28deaa09cee30775b554
- SHA1
  
  fe98afd2217238056038959762556b95a8a6ddf7
- SHA256
  
  db7c08150b88cd89584356b38c9e8ad7c05df50184b3ad76b938757a7b2f3beb
- SHA512
  
  801105aa21306aa51d9a35d108b1409a7e8b8277ddf9b99a399c86a5fceb19b81836c6a95a3ac74b6724de3072b62221df191a9e4bed4ca0633720e42935f182
- SSDEEP
  
  768:Vzt7u1jjS6B129GNmjd12HxhGGRrQ/+LUINtInbYCDOdw:VJ7uVhm92E+xhzQGwU0D
Score

10^/10

evasion persistence ransomware
- Modifies WinLogon for persistence
  persistence
- Modifies system executable filetype association
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Change Default File Association

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

Tasks

static1

behavioral1

evasionpersistenceransomware

behavioral2

evasionpersistenceransomware

© 2018-2024

Terms | Privacy