96f2cdd7d0786251c7cd6bb71b832942b8ebcb27063e4067cccdd588369c47fd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

96f2cdd7d0786251c7cd6bb71b832942b8ebcb27063e4067cccdd588369c47fd
Size

24KB
Sample

221205-n1h7rsbe9z
MD5

452a5006f8e68433f94e355a69d5eb66
SHA1

4a03460e076243324caf4aeec0636fecd9264322
SHA256

96f2cdd7d0786251c7cd6bb71b832942b8ebcb27063e4067cccdd588369c47fd
SHA512

1380aa7b438613bb1ec8e6882df5b3d3c8e8183bd52d7910a41d257cc8789b73d1a30e2d4cbda7c7dc5be32fb00ca32aab135b80da46a7ea34fcea20a48b518b
SSDEEP

384:RDqnTqgd8bpNcY4lTeSL53wm8dX0CqXpMKFRPZVMYqnLaYYbzJUNgY:2qmUpN0lSSWm8qCYdRyWYE1Y

Score

6^/10

discovery persistence ransomware

Malware Config

Targets

- Target
  
  96f2cdd7d0786251c7cd6bb71b832942b8ebcb27063e4067cccdd588369c47fd
- Size
  
  24KB
- MD5
  
  452a5006f8e68433f94e355a69d5eb66
- SHA1
  
  4a03460e076243324caf4aeec0636fecd9264322
- SHA256
  
  96f2cdd7d0786251c7cd6bb71b832942b8ebcb27063e4067cccdd588369c47fd
- SHA512
  
  1380aa7b438613bb1ec8e6882df5b3d3c8e8183bd52d7910a41d257cc8789b73d1a30e2d4cbda7c7dc5be32fb00ca32aab135b80da46a7ea34fcea20a48b518b
- SSDEEP
  
  384:RDqnTqgd8bpNcY4lTeSL53wm8dX0CqXpMKFRPZVMYqnLaYYbzJUNgY:2qmUpN0lSSWm8qCYdRyWYE1Y
Score

6^/10

discovery persistence ransomware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

behavioral2

discoverypersistenceransomware