General
-
Target
763b04ef2d0954c7ecf394249665bcd71eeafebc3a66a27b010f558fd59dbdeb
-
Size
50KB
-
Sample
231122-wc362adh78
-
MD5
1cebf0114b0d9d55a9be7e4448052033
-
SHA1
ae4b6043183c32466e3eccce346ebb2b53298a7e
-
SHA256
763b04ef2d0954c7ecf394249665bcd71eeafebc3a66a27b010f558fd59dbdeb
-
SHA512
385c37b924bbeba706807e2f6bd023c8fc0ddb757ba8374b5a11eec1fd507ae0a9635fadbf1dd33d408ccd903247daa9b38c1eaa6224d133676885d7e187327d
-
SSDEEP
1536:IDOnfPe1Vfn332CUhMAB/TeduudGaOQQW1:0Ony3m5hjB/T0l1
Behavioral task
behavioral1
Sample
763b04ef2d0954c7ecf394249665bcd71eeafebc3a66a27b010f558fd59dbdeb.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
C:\Buy Black Mass Volume II.hta
class='mark'>[email protected]</span></div>
http://www.w3.org/TR/html4/strict.dtd'>
Extracted
C:\Users\Admin\Desktop\Buy Black Mass Volume II.hta
https://bazaar.abuse.ch/browse/
https://malshare.com/
Targets
-
-
Target
763b04ef2d0954c7ecf394249665bcd71eeafebc3a66a27b010f558fd59dbdeb
-
Size
50KB
-
MD5
1cebf0114b0d9d55a9be7e4448052033
-
SHA1
ae4b6043183c32466e3eccce346ebb2b53298a7e
-
SHA256
763b04ef2d0954c7ecf394249665bcd71eeafebc3a66a27b010f558fd59dbdeb
-
SHA512
385c37b924bbeba706807e2f6bd023c8fc0ddb757ba8374b5a11eec1fd507ae0a9635fadbf1dd33d408ccd903247daa9b38c1eaa6224d133676885d7e187327d
-
SSDEEP
1536:IDOnfPe1Vfn332CUhMAB/TeduudGaOQQW1:0Ony3m5hjB/T0l1
-
Modifies boot configuration data using bcdedit
-
Renames multiple (455) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Modifies Windows Firewall
-
Drops startup file
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1