General
-
Target
ecdf7acb35e4268bcafb03b8af12f659
-
Size
686KB
-
Sample
231006-ew6mtsbb27
-
MD5
ecdf7acb35e4268bcafb03b8af12f659
-
SHA1
93b0d892bd3fbb7d3d9efb69fffdc060159d4536
-
SHA256
c0539fd02ca0184925a932a9e926c681dc9c81b5de4624250f2dd885ca5c4763
-
SHA512
5cd325c7a0a47921e940480c4e3f983b5b56a2906639e6f2a67d3264e039f06034d286f68e36a1b1ae7642d1ac0e274283d5d45381cede14ba83177355f1017d
-
SSDEEP
12288:UzRlcffXwJsWFAFnjJPQJq+6byL3z5SjMa1jkSC9U:ujB0JYcAa1S
Static task
static1
Behavioral task
behavioral1
Sample
ecdf7acb35e4268bcafb03b8af12f659.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
ecdf7acb35e4268bcafb03b8af12f659.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
C:\info.hta
class='mark'>[email protected]</span></div>
http://www.w3.org/TR/html4/strict.dtd'>
Extracted
C:\info.hta
Targets
-
-
Target
ecdf7acb35e4268bcafb03b8af12f659
-
Size
686KB
-
MD5
ecdf7acb35e4268bcafb03b8af12f659
-
SHA1
93b0d892bd3fbb7d3d9efb69fffdc060159d4536
-
SHA256
c0539fd02ca0184925a932a9e926c681dc9c81b5de4624250f2dd885ca5c4763
-
SHA512
5cd325c7a0a47921e940480c4e3f983b5b56a2906639e6f2a67d3264e039f06034d286f68e36a1b1ae7642d1ac0e274283d5d45381cede14ba83177355f1017d
-
SSDEEP
12288:UzRlcffXwJsWFAFnjJPQJq+6byL3z5SjMa1jkSC9U:ujB0JYcAa1S
Score10/10-
Modifies boot configuration data using bcdedit
-
Renames multiple (596) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1