dd6c2f9edf7477686f44114e7526153235f93fa36e47012fc002122c9d2c5538 | Triage

Sharing

General

Target

dd6c2f9edf7477686f44114e7526153235f93fa36e47012fc002122c9d2c5538
Size

743KB
Sample

221128-db2mpshh58
MD5

5122c31721ff3f7fc5e608573b831bde
SHA1

fb954968820259a95fc7852b0babcebe584b85fc
SHA256

dd6c2f9edf7477686f44114e7526153235f93fa36e47012fc002122c9d2c5538
SHA512

6965e7e7bc6774bb9744d50fc991523177a06f23b73c31d26a7674eeae49b84808ad3845d24297cfc31f4f632de03c3087b9e867ab1db36235bd403d8d229ef6
SSDEEP

12288:Lep8fcP7cG9CZmSqKd89MP77IKVuOvYeHSo+ImSZhSRfexlF:K8qbfwd8WPfbVHvHHSo+n9+v

Score

9^/10

evasion persistence ransomware trojan

Malware Config

Targets

- Target
  
  dd6c2f9edf7477686f44114e7526153235f93fa36e47012fc002122c9d2c5538
- Size
  
  743KB
- MD5
  
  5122c31721ff3f7fc5e608573b831bde
- SHA1
  
  fb954968820259a95fc7852b0babcebe584b85fc
- SHA256
  
  dd6c2f9edf7477686f44114e7526153235f93fa36e47012fc002122c9d2c5538
- SHA512
  
  6965e7e7bc6774bb9744d50fc991523177a06f23b73c31d26a7674eeae49b84808ad3845d24297cfc31f4f632de03c3087b9e867ab1db36235bd403d8d229ef6
- SSDEEP
  
  12288:Lep8fcP7cG9CZmSqKd89MP77IKVuOvYeHSo+ImSZhSRfexlF:K8qbfwd8WPfbVHvHHSo+n9+v
Score

9^/10

evasion persistence ransomware trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceransomwaretrojan

behavioral2

evasionpersistenceransomwaretrojan