Overview

overview

9

Static

static

30f1628ecd...98.exe

windows7-x64

9

30f1628ecd...98.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98

  • Size

    488KB

  • Sample

    221126-pv1ejaga81

  • MD5

    e5cb9f85899a9133ebddc238be517594

  • SHA1

    5b5c6c28a03e9bf21fe2856f96d52841ede49b55

  • SHA256

    30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98

  • SHA512

    fd0e67ac7cb25f78103d575a3d5bb5b15adf80743625e43fcc8f556e29d9282d77ffd3a640d988ae0f0e0d2a86769c35881ecbaf901793610fe1e94fe9fa9bb3

  • SSDEEP

    12288:7NhQPh82gxvXJQhKe8f/MTUgTOej1+pdOeKaJKQ:7oP4XJU8f/MjT3wdOeTKQ

Score
9/10
evasionransomware

Malware Config

Targets

    • Target

      30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98

    • Size

      488KB

    • MD5

      e5cb9f85899a9133ebddc238be517594

    • SHA1

      5b5c6c28a03e9bf21fe2856f96d52841ede49b55

    • SHA256

      30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98

    • SHA512

      fd0e67ac7cb25f78103d575a3d5bb5b15adf80743625e43fcc8f556e29d9282d77ffd3a640d988ae0f0e0d2a86769c35881ecbaf901793610fe1e94fe9fa9bb3

    • SSDEEP

      12288:7NhQPh82gxvXJQhKe8f/MTUgTOej1+pdOeKaJKQ:7oP4XJU8f/MjT3wdOeTKQ

    Score
    9/10
    evasionransomware

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

1
T1490

Tasks