General
-
Target
eb24adb38f36113fe71f942596c355afd59a2e83a0663daf32ae9bb30059732c
-
Size
744KB
-
Sample
231004-ascs5aaa65
-
MD5
8b3ebf83ef13fc6fb805a60851635751
-
SHA1
72a285b0b7ddd02a269dcdd8a77e93e32d475344
-
SHA256
eb24adb38f36113fe71f942596c355afd59a2e83a0663daf32ae9bb30059732c
-
SHA512
d04197080a6124cddd8ce2b8e7c2cd53ff6adf623379aa80f1206ebc3d2bac169a01c18a9eeeef9d71eb37e7a0e2232eecbf130fe577c2089aea05a7542caccf
-
SSDEEP
12288:MQwyiloPKmAGzrdm+blQnjL0U0ESJ2caaE17hrCyvMzu6FRAbKSXut0wGc0U6xbP:syilG1AGzrdm+ajoU82caaEDWyvMW+lM
Static task
static1
Behavioral task
behavioral1
Sample
eb24adb38f36113fe71f942596c355afd59a2e83a0663daf32ae9bb30059732c.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
eb24adb38f36113fe71f942596c355afd59a2e83a0663daf32ae9bb30059732c.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
C:\info.hta
class='mark'>[email protected]</span></div>
http://www.w3.org/TR/html4/strict.dtd'>
Extracted
C:\info.hta
Extracted
C:\info.hta
class='mark'>[email protected]</span></div>
http://www.w3.org/TR/html4/strict.dtd'>
Extracted
C:\users\public\desktop\info.hta
Targets
-
-
Target
eb24adb38f36113fe71f942596c355afd59a2e83a0663daf32ae9bb30059732c
-
Size
744KB
-
MD5
8b3ebf83ef13fc6fb805a60851635751
-
SHA1
72a285b0b7ddd02a269dcdd8a77e93e32d475344
-
SHA256
eb24adb38f36113fe71f942596c355afd59a2e83a0663daf32ae9bb30059732c
-
SHA512
d04197080a6124cddd8ce2b8e7c2cd53ff6adf623379aa80f1206ebc3d2bac169a01c18a9eeeef9d71eb37e7a0e2232eecbf130fe577c2089aea05a7542caccf
-
SSDEEP
12288:MQwyiloPKmAGzrdm+blQnjL0U0ESJ2caaE17hrCyvMzu6FRAbKSXut0wGc0U6xbP:syilG1AGzrdm+ajoU82caaEDWyvMW+lM
Score10/10-
Modifies boot configuration data using bcdedit
-
Renames multiple (313) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Renames multiple (468) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1