Overview

overview

9

Static

static

752b6501e2...59.exe

windows7-x64

9

752b6501e2...59.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    752b6501e2db6d7f2115dfa11423fe52bfc0950932f227dee604083f9c5a5659

  • Size

    735KB

  • Sample

    221128-dksq6aee3w

  • MD5

    444db1f0fae814d3552eabb7ac59f58f

  • SHA1

    8fe95ed6462012e71229421117c3e3aedaaa58d8

  • SHA256

    752b6501e2db6d7f2115dfa11423fe52bfc0950932f227dee604083f9c5a5659

  • SHA512

    2b10b28ebad28875bfd824bc07f5d4cafd1fa040e9b8cad3a0cdef88e5c0ac7fbb9faafad678054097bd9d76ffb2c3eea69e1d0b34490f0fb67c99f65af9b67b

  • SSDEEP

    12288:Adp8fcf7cNCZmSqKd89MP79IKVLbKSctHSoHGkb9uAO7GjBEvRGGW:s86mwd8WPxbVXF2HSoHGkbxOaEgGW

Score
9/10
evasionpersistenceransomwaretrojan

Malware Config

Targets

    • Target

      752b6501e2db6d7f2115dfa11423fe52bfc0950932f227dee604083f9c5a5659

    • Size

      735KB

    • MD5

      444db1f0fae814d3552eabb7ac59f58f

    • SHA1

      8fe95ed6462012e71229421117c3e3aedaaa58d8

    • SHA256

      752b6501e2db6d7f2115dfa11423fe52bfc0950932f227dee604083f9c5a5659

    • SHA512

      2b10b28ebad28875bfd824bc07f5d4cafd1fa040e9b8cad3a0cdef88e5c0ac7fbb9faafad678054097bd9d76ffb2c3eea69e1d0b34490f0fb67c99f65af9b67b

    • SSDEEP

      12288:Adp8fcf7cNCZmSqKd89MP79IKVLbKSctHSoHGkb9uAO7GjBEvRGGW:s86mwd8WPxbVXF2HSoHGkbxOaEgGW

    Score
    9/10
    evasionpersistenceransomwaretrojan

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

File Deletion

2
T1107

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

2
T1490

Tasks