General
-
Target
x (2).7z
-
Size
257KB
-
Sample
231023-qxscdaha4w
-
MD5
16eba305c8dc2f9f446b20626798a73c
-
SHA1
a1eb160e60055a81608f844f16ff0e47aa5fb647
-
SHA256
3e8bdea16a2c1dd596aaa4c16a0402a01b6ad527838724471b3f7ba29bb00d8f
-
SHA512
54ab7af1e25408475a8ac54c4793331d23bb77aa7f7ce4639035a22b1947fd79ef2e1996c0f824def922968595bed3f8994cacee85449d2e4e2cc668c469b0c3
-
SSDEEP
6144:S+SWcx9inFrmnOVIQRC+SRSng7zUDB/Ytx5AXOQ:l4xWVZRClzzUtYHi+Q
Static task
static1
Behavioral task
behavioral1
Sample
1.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
1.exe
Resource
win10v2004-20231020-en
Behavioral task
behavioral3
Sample
2.exe
Resource
win7-20231020-en
Behavioral task
behavioral4
Sample
2.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
C:\info.hta
class='mark'>[email protected]</span></div>
http://www.w3.org/TR/html4/strict.dtd'>
Extracted
F:\info.hta
Extracted
C:\info.hta
class='mark'>[email protected]</span></div>
http://www.w3.org/TR/html4/strict.dtd'>
Extracted
F:\info.hta
Extracted
C:\info.hta
class='mark'>[email protected]</span></div>
http://www.w3.org/TR/html4/strict.dtd'>
Extracted
C:\info.hta
Targets
-
-
Target
1.exe
-
Size
1.1MB
-
MD5
5322dc793dc514fd4a82d96388aaaf02
-
SHA1
b003d8ee93a36a453b337d17069ae1f779917800
-
SHA256
4e4c154f0500990e897ca9650eafd3c6255ba4df3b4bc620c6ba27b718278392
-
SHA512
3b7a763b5748af1b31e00978c3711f20b3dce96572d7bdbc50adf4c2ed4ff84d0ddc1e2040f178355cc8da7e164cd76169db75d5485973ebf9a1c7afb7b07b0d
-
SSDEEP
24576:5HOlaHILUR9X/oGhmE5EApGfZAuBQfm+t:Mywk53mE5EA8fZ52++
Score10/10-
Modifies boot configuration data using bcdedit
-
Renames multiple (311) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Renames multiple (455) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-
-
-
Target
2.exe
-
Size
1.1MB
-
MD5
77dc0310c97717e936ee8d9d571e155a
-
SHA1
94452fb5b6803c7e05789109ead0c2b2dd1c86bb
-
SHA256
159fa561bf9069418c5b2a33525ee12b16385f96680890a285d401b9f6781643
-
SHA512
1707dc36093eee64775c28ee00185ccae492d5f00fa2a2d06579a83a551fc514227f2f3804c27ee9cb94f98a4e360ada795b413ccf64d66b3f989c1248e2b3e6
-
SSDEEP
24576:5HOlaHILUR9X/oGhmE5EApGfZAuBQfm+t8:Mywk53mE5EA8fZ52++C
Score10/10-
Modifies boot configuration data using bcdedit
-
Renames multiple (312) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Renames multiple (467) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1