d0e352ba8198a9791bc21df9d40da653c8d267364fdd652cf534645bccd2c579 | Triage

Submit
Reports

Overview

overview

Static

static

3

CSP/CSPSetup.exe

windows7-x64

CSP/CSPSetup.exe

windows10-2004-x64

Sharing

General

Target

CSP.rar
Size

201KB
Sample

230922-ks8wnseh7y
MD5

3cdbecc353ccb99a9bec6f32d398dafe
SHA1

9c9221dd822b6545fdda3750e21849805c310a14
SHA256

d0e352ba8198a9791bc21df9d40da653c8d267364fdd652cf534645bccd2c579
SHA512

1d7e83c33889b16640b751e239c0ece34509f617d1a94936182611375a5457c3348d3c59aeb93647f2792ae5f1c9773161940d5dd4f1ac4f4629e00750d0bc3b
SSDEEP

6144:icVWp2tYPaUWqB9bJZAtkPPd5EHk3p1BC:iVqwaizb5Pdl6

Score

10^/10

ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

CSP/CSPSetup.exe

Resource

win7-20230831-en

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

CSP/CSPSetup.exe

Resource

win10v2004-20230915-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  CSP/CSPSetup.exe
- Size
  
  337KB
- MD5
  
  e21e58ae803e22166cbade636b658ee6
- SHA1
  
  4522f09f824d56594e3108eda0ece67a529de31b
- SHA256
  
  5f7527bdb49d1f6a440aad9296888f8884818bea3b6af7d85da1ee5bde7f2574
- SHA512
  
  6120f76bb8ee57be38681a71ccffc14c6f6a2e10b0a9df7ab95d1d596ff7eb590f2c4d0087ba4b24d1105d2b7b920621146c25dc026ebf6a96297b8f9edbfdbb
- SSDEEP
  
  6144:LOYGXaPNxdgSdcq2pVZPOJHAbKL2grda6CtHjuKHOtugq:fGqN/XdctpVtkb2grU6+Hau3
Score

10^/10

ransomware
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2023

Terms | Privacy