Overview

overview

9

Static

static

effb29ff4f...b3.exe

windows7-x64

effb29ff4f...b3.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    effb29ff4f343f9264cdb28c27e3789ea8da7b1f971ad92febb9ff061396d6b3

  • Size

    407KB

  • Sample

    221126-neanhaba37

  • MD5

    60e7da890c323a6f0685d0b5fe8b8ead

  • SHA1

    3716c45a6fc02b9be96951a5a7ce861536472af3

  • SHA256

    effb29ff4f343f9264cdb28c27e3789ea8da7b1f971ad92febb9ff061396d6b3

  • SHA512

    c1a7d2cc8296776855a31a30960e1fe5861e269896261c31d817136390b86bc015b94018f7708cb2d75d80992acfa24203701f70e9ad947994123e50bca5045f

  • SSDEEP

    12288:2gwj35X0zH2T07744h7NlOxSlcO0gz9BzNm:gz5X6HM0774876md/z4

Score
9/10
evasionpersistenceransomware

Malware Config

Targets

    • Target

      effb29ff4f343f9264cdb28c27e3789ea8da7b1f971ad92febb9ff061396d6b3

    • Size

      407KB

    • MD5

      60e7da890c323a6f0685d0b5fe8b8ead

    • SHA1

      3716c45a6fc02b9be96951a5a7ce861536472af3

    • SHA256

      effb29ff4f343f9264cdb28c27e3789ea8da7b1f971ad92febb9ff061396d6b3

    • SHA512

      c1a7d2cc8296776855a31a30960e1fe5861e269896261c31d817136390b86bc015b94018f7708cb2d75d80992acfa24203701f70e9ad947994123e50bca5045f

    • SSDEEP

      12288:2gwj35X0zH2T07744h7NlOxSlcO0gz9BzNm:gz5X6HM0774876md/z4

    Score
    9/10
    evasionpersistenceransomware

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

1
T1490

Tasks