a673316d048b600b1b9a36f2cb44d1ebd1ad775858c0b231bacd71d0c23d6d59 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

encryptor.exe

windows7-x64

9

encryptor.exe

windows10-2004-x64

9

Sharing

General

Target

encryptor.zip
Size

357KB
Sample

230330-twkgxseg8z
MD5

53586770fa7c3483b5b6b626ad7130e8
SHA1

36e3f72106c29c83a87ad69d58375038d0b6a326
SHA256

a673316d048b600b1b9a36f2cb44d1ebd1ad775858c0b231bacd71d0c23d6d59
SHA512

360c55a718135790942444193b2a1d20a8fc3047af0d80dbe5eaa5f0a6348d431d6c9ee3b131642f56a5e6ea4b7af65a02a29dac064a102710a49c4a4c690b0f
SSDEEP

6144:pdskVMeoO/U+mSfW/t2qOnqbHRiZj3ZiIU594k9E+mcWFq:XskVBU+Ru/t2MbHRGj3WE+PWA

Score

9^/10

ransomware

Static task

static1

Behavioral task

behavioral1

Sample

encryptor.exe

Resource

win7-20230220-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

encryptor.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  encryptor.exe
- Size
  
  766KB
- MD5
  
  400fa5d02c1ac704cd290d959b725e67
- SHA1
  
  456e5cb1739cb5f29020d1a692289a5af07ce90d
- SHA256
  
  dc563953f845fb88c6375b3e9311ebed49ce4bcd613f7044989304c8de384dac
- SHA512
  
  0240c6608931d975aa45e2a2c76ea43d311fd4660c091510197e30e65ccb69002e47006d1656abc71425186b3c7823881ae56ea39500afaef0fc4b5094b384ad
- SSDEEP
  
  12288:aH3fcbXX/qkpwGarA0iKKjk/1RobRWGDmEd7nLTzGnabKJiM:aH3fcbXX9pwGarA0iKj/1RCWGDmIHQpX
Score

9^/10

ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy