bb7e2066f53bdbb8e93edfa8e900d5be3e2d00ca0a59f9feaa8b8107db7a5d4d | Triage

Submit
Reports

Overview

overview

9

Static

static

e37a0ece30...3f.exe

windows7-x64

9

e37a0ece30...3f.exe

windows10-2004-x64

9

Sharing

General

Target

e37a0ece30267233f1dddf3c2300393f.bin
Size

1.8MB
Sample

221206-d43qgacc8s
MD5

e37a0ece30267233f1dddf3c2300393f
SHA1

27610367c41c1b8d3a26885b40fd7aac748189b2
SHA256

bb7e2066f53bdbb8e93edfa8e900d5be3e2d00ca0a59f9feaa8b8107db7a5d4d
SHA512

a0e5ceafb39f9ad3774d6a250646bae5f5595c1330bef3df7d448778ee519bc35ce221526c1a4d3db88107b5ccf1b465eef11e5b00cfc680bcdb9cea92ba87c2
SSDEEP

24576:u+KpPMyIIzkQ8dEaMTbAbyR0seBM+VEzif+b9z1WexjaGWMtavBB3MmtP6mRR3sA:6Tv9PcvhuaGRU3HtP6mRR3s9fa7B

Score

9^/10

evasion ransomware

Static task

static1

Behavioral task

behavioral1

Sample

e37a0ece30267233f1dddf3c2300393f.exe

Resource

win7-20220812-en

evasion ransomware

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

e37a0ece30267233f1dddf3c2300393f.exe

Resource

win10v2004-20220812-en

evasion ransomware

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  e37a0ece30267233f1dddf3c2300393f.bin
- Size
  
  1.8MB
- MD5
  
  e37a0ece30267233f1dddf3c2300393f
- SHA1
  
  27610367c41c1b8d3a26885b40fd7aac748189b2
- SHA256
  
  bb7e2066f53bdbb8e93edfa8e900d5be3e2d00ca0a59f9feaa8b8107db7a5d4d
- SHA512
  
  a0e5ceafb39f9ad3774d6a250646bae5f5595c1330bef3df7d448778ee519bc35ce221526c1a4d3db88107b5ccf1b465eef11e5b00cfc680bcdb9cea92ba87c2
- SSDEEP
  
  24576:u+KpPMyIIzkQ8dEaMTbAbyR0seBM+VEzif+b9z1WexjaGWMtavBB3MmtP6mRR3sA:6Tv9PcvhuaGRU3HtP6mRR3s9fa7B
Score

9^/10

evasion ransomware
- Clears Windows event logs
  evasion ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Indicator Removal on Host

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionransomware

behavioral2

evasionransomware

© 2018-2025

Terms | Privacy