General
-
Target
9bb98f2989a73a1e3d8d490669462422.bin
-
Size
390KB
-
Sample
231005-cefc7sgb6t
-
MD5
2082c6d31bb6e678cb669706aaf256ef
-
SHA1
9ae39449c1e014655d027366d04a70b4afdb0235
-
SHA256
dbd81aa8ed697aaaa55fba8c1d333e3f0731c89821364d773a024bb7b4e6a743
-
SHA512
42854bb3529a4176af1af56663ff709e9dc9b6e8d75daa0d57ea875f4dbead1d4cce480afb78954e611afcccb7c89f60aa74c77054748301e0411efb55d0272c
-
SSDEEP
6144:bq0rfGjmp3TYohmj0ys1eNSR3u5bT7wQm3zE7TXWgO7wxt1vGfSw54A7Tf8kNSN:lujO3TujvScp7JmDE/NO7QO959za
Static task
static1
Behavioral task
behavioral1
Sample
790b64a5860a5069fedcb660efdffce2b5ab2195086100a6079697b662f0c198.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
790b64a5860a5069fedcb660efdffce2b5ab2195086100a6079697b662f0c198.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
C:\info.hta
Contact e-mail marked in the note (redacted in source): [email protected]
Extracted
C:\info.hta
Extracted
C:\info.hta
Contact e-mail marked in the note (redacted in source): [email protected]
Extracted
C:\Users\Admin\Desktop\info.hta
Targets
-
-
Target
790b64a5860a5069fedcb660efdffce2b5ab2195086100a6079697b662f0c198.exe
-
Size
570KB
-
MD5
9bb98f2989a73a1e3d8d490669462422
-
SHA1
480b65fe568acd420dacd4b935529f2505e94151
-
SHA256
790b64a5860a5069fedcb660efdffce2b5ab2195086100a6079697b662f0c198
-
SHA512
f84fe96c065c214d3ae623d81da9e0aacc0fdfb3751baa02505b4348d89e6c4a6d29703e579aef5f48ddbb1956c154e228b2337657b135b0a973cc9907e1651e
-
SSDEEP
12288:MTQp8eHRevUGXTYJ0M8SbYrAwhLtaczsQc0TwmqyAAJtT:cc82RGFj80pwY5aczXTNqyz
Score 10/10
Modifies boot configuration data using bcdedit
-
Renames multiple (313) files with added filename extension
Mass renaming of user files by appending a new extension is characteristic of ransomware encrypting the files on the system.
-
Renames multiple (468) files with added filename extension
Mass renaming of user files by appending a new extension is characteristic of ransomware encrypting the files on the system.
-
Modifies Windows Firewall
-
Checks computer location settings
Reads the country code configured in the registry, most likely to geofence execution by victim locale.
-
Drops startup file
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-
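The signatures above are the sandbox's own verdicts. As an added example, which is not part of this report or of the sandbox's detection engine, the following Python shows how each signature can be derived from process, registry, API and file-rename telemetry. The events, command lines, registry paths and PIDs are constructed assumptions for illustration, not the sample's observed behaviour; the rename threshold is likewise an arbitrary choice.

```python
import ntpath
import re
from collections import Counter, defaultdict

# Constructed sample telemetry: (pid, kind, detail). These events are an
# assumption for illustration, not the sandbox's real log for this sample.
EVENTS = [
    (1200, "process", r"C:\Windows\System32\bcdedit.exe /set {default} recoveryenabled No"),
    (1200, "process", r"C:\Windows\System32\netsh.exe advfirewall set allprofiles state off"),
    (1200, "registry_write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    (1200, "registry_read", r"HKCU\Control Panel\International\Geo\Nation"),
    (1200, "api", "SetThreadContext(target_pid=1340)"),
    (1200, "file_rename", r"C:\Users\Admin\Documents\report.docx -> C:\Users\Admin\Documents\report.docx.locked"),
    (1200, "file_rename", r"C:\Users\Admin\Documents\budget.xlsx -> C:\Users\Admin\Documents\budget.xlsx.locked"),
    (1200, "file_rename", r"C:\Users\Admin\Pictures\cat.jpg -> C:\Users\Admin\Pictures\cat.jpg.locked"),
    # Benign contrast: read-only bcdedit, a plain rename, SetThreadContext on its own process.
    (1900, "process", r"C:\Windows\System32\bcdedit.exe /enum"),
    (1900, "file_rename", r"C:\Users\Admin\Downloads\draft.txt -> C:\Users\Admin\Downloads\final.txt"),
    (1900, "api", "SetThreadContext(target_pid=1900)"),
]

# bcdedit verbs that change the boot configuration store (read-only verbs such as /enum do not).
BCDEDIT_WRITE_VERBS = {"/set", "/deletevalue", "/delete", "/create", "/import"}


def added_extension(old, new):
    """True when new is exactly old plus a '.ext' suffix, the classic encrypt-and-rename pattern."""
    return new.startswith(old) and len(new) > len(old) + 1 and new[len(old)] == "."


def classify_process(cmdline):
    """Map a process command line to a signature name, or None if it is not interesting."""
    parts = cmdline.split()
    exe = ntpath.basename(parts[0]).lower()
    args = {p.lower() for p in parts[1:]}
    if exe == "bcdedit.exe" and args & BCDEDIT_WRITE_VERBS:
        return "Modifies boot configuration data using bcdedit"
    if exe == "netsh.exe" and args & {"firewall", "advfirewall"}:
        return "Modifies Windows Firewall"
    return None


def detect(events, rename_threshold=3):
    """Return {pid: sorted signature names} for every process that triggers at least one rule."""
    sigs = defaultdict(set)
    renames = Counter()
    for pid, kind, detail in events:
        if kind == "process":
            name = classify_process(detail)
            if name:
                sigs[pid].add(name)
        elif kind == "registry_write" and "\\currentversion\\run\\" in detail.lower():
            sigs[pid].add("Adds Run key to start application")
        elif kind == "registry_read" and detail.lower().endswith(r"\control panel\international\geo\nation"):
            sigs[pid].add("Checks computer location settings")
        elif kind == "api":
            m = re.fullmatch(r"SetThreadContext\(target_pid=(\d+)\)", detail)
            if m and int(m.group(1)) != pid:  # only cross-process use is suspicious
                sigs[pid].add("Suspicious use of SetThreadContext")
        elif kind == "file_rename":
            old, new = detail.split(" -> ", 1)
            if added_extension(old, new):
                renames[pid] += 1
    # The rename count is reported per process so the analyst sees the scale, as the report does.
    for pid, n in renames.items():
        if n >= rename_threshold:
            sigs[pid].add(f"Renames multiple ({n}) files with added filename extension")
    return {pid: sorted(names) for pid, names in sigs.items()}


if __name__ == "__main__":
    for pid, names in detect(EVENTS).items():
        print(pid, *names, sep="\n  ")
```

Only PID 1200 is flagged on the constructed events; the benign process 1900 runs bcdedit read-only, renames a file without appending an extension, and calls SetThreadContext on itself, so none of the rules fire for it. In a real pipeline the rename threshold should be tuned against the volume of renames that legitimate installers and backup tools produce.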
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)