General

  • Target

    Акт сверки №534-23 от 29.09.2023.exe

  • Size

    428KB

  • Sample

    231003-gzw9nsae53

  • MD5

    4d55bc5abece2347b6d6d5aeff30762d

  • SHA1

    2463aa8fd7892570129419a6bddc666e2a958e40

  • SHA256

    dcbc8f19ea881e76630d0371b6818b9a06e398934598dc31007e35d4df20ea10

  • SHA512

    fd61b6ffba57045f88796e1e155773bdfb3fca5f3d473742213bfe4fb50001b7bf556746c2c769081ad70cf8d80200dc82f9f2c82ed7efd9d95dc06463bd4dda

  • SSDEEP

    6144:tOYGXaPNxdgSdcq2pVZPOJHAbK//Ufjfd7Z8llqXEdv8tT4:pGqN/XdctpVtkP/uDd72d8a

  • Score

    10/10
Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Registers COM server for autorun

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
