302ff52ee53fd6950b16d2a01ec8f52b69243b59941e813544adbf314b552bfd | Triage

Submit
Reports

Overview

overview

Static

static

1

cmdebug.exe

windows10-2004-x64

Resubmissions

22/07/2023, 00:37

230722-ayw4yshg31 10

22/07/2023, 00:31

230722-at49rshg3t 10

Sharing

Copy URL Twitter E-mail

General

Target

cmdebug.exe
Size

50.3MB
Sample

230722-ayw4yshg31
MD5

cc8759b78a22b703e76249585d770d63
SHA1

83d7054901be52586627d232beb0cdda698645d2
SHA256

302ff52ee53fd6950b16d2a01ec8f52b69243b59941e813544adbf314b552bfd
SHA512

0dce892767c32240eb3c10d25b3f49c2bd91e3a952f24582bf56b3e892b639873a3649622cc1491db7025d8f5adc728991b21f8ba8ad3b9583c9b15f7870c827
SSDEEP

1572864:HeqJLoSVel+jw80spvPhESQbubbnFysDjQ:HeqP7r0KXhEStrDc

Score

10^/10

evasion persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

cmdebug.exe

Resource

win10v2004-20230703-es

evasion persistence ransomware

windows10-2004-x64

27 signatures

1800 seconds

Malware Config

Targets

- Target
  
  cmdebug.exe
- Size
  
  50.3MB
- MD5
  
  cc8759b78a22b703e76249585d770d63
- SHA1
  
  83d7054901be52586627d232beb0cdda698645d2
- SHA256
  
  302ff52ee53fd6950b16d2a01ec8f52b69243b59941e813544adbf314b552bfd
- SHA512
  
  0dce892767c32240eb3c10d25b3f49c2bd91e3a952f24582bf56b3e892b639873a3649622cc1491db7025d8f5adc728991b21f8ba8ad3b9583c9b15f7870c827
- SSDEEP
  
  1572864:HeqJLoSVel+jw80spvPhESQbubbnFysDjQ:HeqP7r0KXhEStrDc
Score

10^/10

evasion persistence ransomware
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Disables Task Manager via registry modification
  evasion
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

evasionpersistenceransomware

© 2018-2025

Terms | Privacy