General
-
Target
9d163fbffc9692a3143362c51d35d5ab52d1f209d9d5e053196c79a30e6f7acf
-
Size
1.7MB
-
Sample
230923-zmpyyaad31
-
MD5
a6ab201ae407fbe4a5da5f20dc38412b
-
SHA1
b3f8caf67f36730ad87031d206db91c861980615
-
SHA256
9d163fbffc9692a3143362c51d35d5ab52d1f209d9d5e053196c79a30e6f7acf
-
SHA512
eb0e97119784d4f60ac5b1c499e4bdfa885243c8859d79e92e1c07a2aba3539606e5df978d8d63d7764fe898e691488a53d02fc495dc837b930cfe3d83cede2b
-
SSDEEP
24576:fp1vJ+VbHGsD+KBrdrDeZYeGMqrK5Nt9Z64JrQTwkMZddfy6Tsqp+RjfMst:x3KpyJrQTwo6Tszgs
Static task
static1
Behavioral task
behavioral1
Sample
9d163fbffc9692a3143362c51d35d5ab52d1f209d9d5e053196c79a30e6f7acf.exe
Resource
win10-20230915-en
Malware Config
Extracted
C:\info.hta
Extracted
C:\Users\Admin\Desktop\info.hta
Targets
Score
10/10
-
Modifies boot configuration data using bcdedit
-
Renames multiple (448) files with added filename extension
This suggests ransomware activity: encryption of all the files on the system.
-
Modifies Windows Firewall
-
Drops startup file
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)