Overview

overview

9

Static

static

2a965e145c...18.exe

windows7-x64

9

2a965e145c...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2a965e145c0bf45725601f55b698c5876549e890b8dd7f96161f9350324bcf18

  • Size

    240KB

  • Sample

    221126-fms6tadd29

  • MD5

    12a2da01ed2dbe86f5ff0895aaaf0fbd

  • SHA1

    8fdddc4719b91f75508c32293c3762935c8a4dc7

  • SHA256

    2a965e145c0bf45725601f55b698c5876549e890b8dd7f96161f9350324bcf18

  • SHA512

    826ee90730e194807e608f7bc6c476990fb51a4636ac9ce7169330596f4f340def31174f3cb0a933a589bbfcc5885f8f77f12678d5aae910c10b6e1a7d14796f

  • SSDEEP

    6144:bZQQ9xuUUtT3PPdbUbKwzcpfup/T8pmkQ9:bSWx+zRUWzkgu

Score
9/10
persistenceransomware

Malware Config

Targets

    • Target

      2a965e145c0bf45725601f55b698c5876549e890b8dd7f96161f9350324bcf18

    • Size

      240KB

    • MD5

      12a2da01ed2dbe86f5ff0895aaaf0fbd

    • SHA1

      8fdddc4719b91f75508c32293c3762935c8a4dc7

    • SHA256

      2a965e145c0bf45725601f55b698c5876549e890b8dd7f96161f9350324bcf18

    • SHA512

      826ee90730e194807e608f7bc6c476990fb51a4636ac9ce7169330596f4f340def31174f3cb0a933a589bbfcc5885f8f77f12678d5aae910c10b6e1a7d14796f

    • SSDEEP

      6144:bZQQ9xuUUtT3PPdbUbKwzcpfup/T8pmkQ9:bSWx+zRUWzkgu

    Score
    9/10
    persistenceransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Drops startup file

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

File Deletion

2
T1107

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

2
T1490

Tasks