e3653978e44ea046b67eef1fe25bbbd26d7199a0b7e4f21bf38d7e42a773865c | Triage

Submit
Reports

Overview

overview

Static

static

1

Ekran Gör...0).png

windows7-x64

8

Ekran Gör...0).png

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

Ekran Görüntüsü (10).png
Size

2.3MB
Sample

230216-s1qn3aac69
MD5

a2a388802450f0a1ad15e936afcb4d78
SHA1

8a0cfe57eacc774fb8269b67dde4c3f7884cb5b0
SHA256

e3653978e44ea046b67eef1fe25bbbd26d7199a0b7e4f21bf38d7e42a773865c
SHA512

1e5260b8393503b93e580a3d534e6492ff7276bf80fb9fbfad4ba3c7c083ab9bd098fa9782a24f8c76f725c7fba0579ae4d34f121e0ee5dcc7bd97e95b3928db
SSDEEP

49152:Klgt6F9cfKVEJKJJUW1gJ5nfP5Y8pa2+a6TniHUqXT/cbf5AoIF:4gtBKKK1E5fh/Px6kUYwbGoIF

Score

10^/10

discovery evasion persistence ransomware trojan

Static task

static1

Behavioral task

behavioral1

Sample

Ekran Görüntüsü (10).png

Resource

win7-20220812-en

discovery persistence

windows7-x64

19 signatures

1800 seconds

Behavioral task

behavioral2

Sample

Ekran Görüntüsü (10).png

Resource

win10v2004-20220901-en

evasion persistence ransomware trojan

windows10-2004-x64

19 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Ekran Görüntüsü (10).png
- Size
  
  2.3MB
- MD5
  
  a2a388802450f0a1ad15e936afcb4d78
- SHA1
  
  8a0cfe57eacc774fb8269b67dde4c3f7884cb5b0
- SHA256
  
  e3653978e44ea046b67eef1fe25bbbd26d7199a0b7e4f21bf38d7e42a773865c
- SHA512
  
  1e5260b8393503b93e580a3d534e6492ff7276bf80fb9fbfad4ba3c7c083ab9bd098fa9782a24f8c76f725c7fba0579ae4d34f121e0ee5dcc7bd97e95b3928db
- SSDEEP
  
  49152:Klgt6F9cfKVEJKJJUW1gJ5nfP5Y8pa2+a6TniHUqXT/cbf5AoIF:4gtBKKK1E5fh/Px6kUYwbGoIF
Score

10^/10

discovery persistence evasion ransomware trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Modifies Installed Components in the registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

discoverypersistence

behavioral2

evasionpersistenceransomwaretrojan

© 2018-2025

Terms | Privacy