General
Target: lghub_installer(1).exe
Size: 39.6MB
Sample: 231208-y6348scdgp
MD5: cc59dd098d29b717463ff7260f9d7602
SHA1: 51539b5aac11c81a13a44c625c9ab70629ef04b7
SHA256: 0cdf839d1e387540bfa4f36211a82c8fa3845d7d062fc860ca94ae461dbbb7a3
SHA512: eddad30561f24a1536ec51d1acded84c8efc7aa5c58a9ca9a7e7744ffcf5faa32cac0bc400037ee9917c5887523e1d597cdca8ceb879a9d8136ed1af6a624703
SSDEEP: 786432:1028+bEpttD7yBG/4M3OW+upttD7yBG/PcXU9g5U:10YEpttD7y0/pnpttD7y0/0XUm5U
Static task: static1
Behavioral task: behavioral1
Sample: lghub_installer(1).exe
Resource: win10-20231129-en
Malware Config
Extracted from: C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
Target: lghub_installer(1).exe
Score: 10/10
Signatures:
- Blocklisted process makes network request
- Drops startup file
- Modifies file permissions
- Adds Run key to start application
- Drops desktop.ini file(s)
- Enumerates connected drives (attempts to read the root path of hard drives other than the default C: drive)
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  File and Directory Permissions Modification (1)
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Indicator Removal (2)
    File Deletion (2)
  Modify Registry (3)