78080e7ad42fd75fb48ff1bff23ea3e9e95686d113638e2c650e79c9c98734da | Triage

Submit
Reports

Overview

overview

8

Static

static

46d340eaf6...8b.exe

windows7-x64

8

46d340eaf6...8b.exe

windows10-2004-x64

8

Resubmissions

22/01/2023, 10:41

230122-mrjaqsfg99 8

06/01/2023, 01:59

230106-cet7cshe8z 8

Sharing

Copy URL Twitter E-mail

General

Target

46d340eaf6b78207e24b6011422f1a5b4a566e493d72365c6a1cace11c36b28b.zip
Size

862KB
Sample

230122-mrjaqsfg99
MD5

b7cdd21a7d0fabcd1ce4168972768842
SHA1

93f6c45b6d57c9ba9938e0466bbbb1c6d6d64620
SHA256

78080e7ad42fd75fb48ff1bff23ea3e9e95686d113638e2c650e79c9c98734da
SHA512

cfb2013ded1e6c20a6b318e5cc1dac7d4e5cedb64beb325dff79d1a2d6ba07db5aadd9faece6880c62c7228cae0235d5b7f6aa49200e9a6e1a9e27b0f05f546f
SSDEEP

24576:eA1irf91/klPplDJba/19H0zGi4I4wwjSLuD7j:eA1irFIpl819Hti4IZwjSLuD7j

Score

8^/10

discovery persistence ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

46d340eaf6b78207e24b6011422f1a5b4a566e493d72365c6a1cace11c36b28b.exe

Resource

win7-20220812-en

discovery persistence ransomware spyware stealer

windows7-x64

27 signatures

1800 seconds

Behavioral task

behavioral2

Sample

46d340eaf6b78207e24b6011422f1a5b4a566e493d72365c6a1cace11c36b28b.exe

Resource

win10v2004-20221111-en

ransomware spyware stealer

windows10-2004-x64

12 signatures

1800 seconds

Malware Config

Targets

- Target
  
  46d340eaf6b78207e24b6011422f1a5b4a566e493d72365c6a1cace11c36b28b.exe
- Size
  
  2.0MB
- MD5
  
  36171704cde087f839b10c2465d864e1
- SHA1
  
  e3baa1c3ee9aa1d5ae61187be2e20ea9cb57d538
- SHA256
  
  46d340eaf6b78207e24b6011422f1a5b4a566e493d72365c6a1cace11c36b28b
- SHA512
  
  9d13d5aa950a16a36123585917533238cde146ef67d2af23f23dc83aea5764dc90f3533a74747b80f3c113c9895a6e3ac1c6f4801ae2df6d6f9ec5f8b2bc31ae
- SSDEEP
  
  49152:SddZjtDrb/TyvO90dL3BmAFd4A64nsfJ7j7TPtGcddRgLj2Dau/oZzQFz1j:Sdfj7zyg5oo
Score

8^/10

discovery persistence ransomware spyware stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Registers COM server for autorun
  persistence
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceransomwarespywarestealer

behavioral2

ransomwarespywarestealer

© 2018-2025

Terms | Privacy