7345c124e4c7e8ec57b4bc7a5b411711ee27373bbe4b316aac2ea7226095d647 | Triage

Sharing

General

Target

7345c124e4c7e8ec57b4bc7a5b411711ee27373bbe4b316aac2ea7226095d647
Size

281KB
Sample

221126-fdft5aga2y
MD5

9c46f44b7c7cf65a978f23bf969973b7
SHA1

75f5b1c271247068b6e9ac828f095c31b6ad9235
SHA256

7345c124e4c7e8ec57b4bc7a5b411711ee27373bbe4b316aac2ea7226095d647
SHA512

b9c6f1bdac0687d966e1b18f9b438e951cdec102b121f4159ebda7514e3d2085812a0d0e662928c76988fb4091e6aab789efad39e495d4d1a4743216980f6f07
SSDEEP

6144:TXRS4cssp/bApfSvFu6W2Gbiiv1+Iod7+Ymt0pNPRZQEuY:p2efSNu6WnbrvsIoZ+Ymt2SY

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  Transazione.Pdf______________________________________________________________.exe
- Size
  
  442KB
- MD5
  
  6fb99593905840cf95ab2364c4c87d63
- SHA1
  
  8d0aafee1cabe7b6cc0caf93ffafd3da3bff8b9b
- SHA256
  
  c9b0c5e1e5f11319e9b8845cf27106dd31254077caec4b9bb3ae16f8ac5420c7
- SHA512
  
  ed5da6f84c3627b740a153db5a86facf23710bfd2f83aafbfe8fc64098823cfec27909cbcf9d80d0ae17c32d928e5dc91a8481973c2ec22436e6e30bd9d32a5d
- SSDEEP
  
  6144:8joxeLzWAedqagVnGxqFL9hCPFvuE/pvj3hGUdXZGKb1T7oPFkCs1QBPY4:VxeHWAIMicCR/FHXZtSj
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2