dharma | 72ea5a2972634a78b4808d2164517dc8dbed4eef24d05d135dbe537e05208bf2 | Triage

Submit
Reports

Overview

overview

Static

static

3

30e1234ef3...12.exe

windows7-x64

30e1234ef3...12.exe

windows10-2004-x64

Sharing

General

Target

30e1234ef3e570667526fdb006832b12
Size

913KB
Sample

231222-aezqqsdheq
MD5

30e1234ef3e570667526fdb006832b12
SHA1

01de8ba945945b58824f69553ac0f7b048645d45
SHA256

72ea5a2972634a78b4808d2164517dc8dbed4eef24d05d135dbe537e05208bf2
SHA512

00bd673f43cba1b16363433e672b30d22196fa0b67c024f970da15270323e545d15b3b990ed1dbbc3e7b9421c3f7840b10621c76203f89e0bcb1214e2a129e4e
SSDEEP

24576:Utp7PNBIIr2i1VzBPZYpoEjH2NzQufi9Re+SfM+:uPSiJP+BH2NQufire+SfM+

Score

10^/10

dharma discovery evasion ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

30e1234ef3e570667526fdb006832b12.exe

Resource

win7-20231215-en

dharma discovery evasion ransomware

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

30e1234ef3e570667526fdb006832b12.exe

Resource

win10v2004-20231215-en

dharma discovery evasion ransomware

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  30e1234ef3e570667526fdb006832b12
- Size
  
  913KB
- MD5
  
  30e1234ef3e570667526fdb006832b12
- SHA1
  
  01de8ba945945b58824f69553ac0f7b048645d45
- SHA256
  
  72ea5a2972634a78b4808d2164517dc8dbed4eef24d05d135dbe537e05208bf2
- SHA512
  
  00bd673f43cba1b16363433e672b30d22196fa0b67c024f970da15270323e545d15b3b990ed1dbbc3e7b9421c3f7840b10621c76203f89e0bcb1214e2a129e4e
- SSDEEP
  
  24576:Utp7PNBIIr2i1VzBPZYpoEjH2NzQufi9Re+SfM+:uPSiJP+BH2NQufire+SfM+
Score

10^/10

dharma discovery evasion ransomware
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
  ransomware dharma
- Clears Windows event logs
  evasion ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Renames multiple (4102) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Disables Task Manager via registry modification
  evasion
- Disables taskbar notifications via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Drops startup file
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Indicator Removal

File Deletion

File and Directory Permissions Modification

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Resource Development

Reconnaissance

Tasks

static1

behavioral1

dharmadiscoveryevasionransomware

behavioral2

dharmadiscoveryevasionransomware

© 2018-2024

Terms | Privacy