0c32d7613160af1241fba24f7d6a995186921703d18252dbaa857aa03c07da10 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

com.steam....75.msi

windows10-2004-x64

9

Resubmissions

18-07-2023 19:16

230718-xyrwkadc59 9

18-07-2023 18:54

230718-xkgtfaea5z 9

Sharing

General

Target

com.steam.687750_installer_44234475.msi.7z
Size

30.0MB
Sample

230718-xkgtfaea5z
MD5

a72b9c633cfb387d6965e9c86eadfbe9
SHA1

f40391899b51fe49127fb742b0595fd5113b3195
SHA256

0c32d7613160af1241fba24f7d6a995186921703d18252dbaa857aa03c07da10
SHA512

cb8e62653865d6b0d0bc71624a66a3b9cff490889161c1ec21631e00a0483dc92b3ceb87cba645e1afb2159fd5086eb99a1b0ae4457ffd1ad945e424ca8cbff9
SSDEEP

786432:AYYJ/ztsj1T0vfKG9zFnoQvF2fFoWAfnJCPROm3sadc4:sUj8KGRpo62fFofnbaW4

Score

9^/10

persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

com.steam.687750_installer_44234475.msi

Resource

win10v2004-20230703-en

persistence ransomware

windows10-2004-x64

21 signatures

300 seconds

Malware Config

Targets

- Target
  
  com.steam.687750_installer_44234475.msi
- Size
  
  37.2MB
- MD5
  
  b672d2824125bc19198f2b72a2681bc1
- SHA1
  
  f4cb9c57397fc4c3110a1887f625527b88f41e38
- SHA256
  
  a02b53d9de6a12ac62756d89aeba7196d51f42498171499a89ddc5105b0ac769
- SHA512
  
  62e91a1266be9016cbb72ee3f8b3821d07fece71fefe6dcfd28b9d55836ff0092af47028874d22720f1468eedeb7afd777d753a5ad5b8a724b9d727b3d5a38bb
- SSDEEP
  
  393216:0+WKfCjRguX1IHiZucfo3RwCn1VJopk4ZNtq9jSi79Es+w5dI80eaAJqsc5tlqH8:Tf23X1I0WRwCPOC4nvOck0l5SpXKB
Score

9^/10

persistence ransomware
- Renames multiple (54) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Blocklisted process makes network request
- Downloads MZ/PE file
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceransomware

© 2018-2025

Terms | Privacy