General

  • Target

    1e3a04c6a1b9a3569a656a45fa2ff15a

  • Size

    6.2MB

  • Sample

    231230-17pz4sdag5

  • MD5

    1e3a04c6a1b9a3569a656a45fa2ff15a

  • SHA1

    1e5ee399066ea2284ec7325c96d5bc73d6ac7544

  • SHA256

    191885b5edaf68153062c17e9ed14fcd0189d78af052135351d5c0bffd5d2e8b

  • SHA512

    a7bc8d9effdd7c402f656889f39efc9224215624d5827c37ea4209d14d31aec98d89c2798eb73397ef6c50023391c397c5b90a80cca4184b55a43fcd0f8100ce

  • SSDEEP

    98304:mE2ji0F/LR5Wj+hMMHMMMvMMZMMMlmMMMiMMMYJMMHMMM6MMZMMMqNMMzMMMUMM/:mn+0ltNI2lyH

Score
10/10

Targets

    Score
    10/10
    • Modifies WinLogon for persistence

      The values malware usually targets here are Shell and Userinit under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. On a clean install Shell is "explorer.exe" and Userinit is "C:\Windows\system32\userinit.exe,"; anything appended to either is launched at every interactive logon, so compare both values against those defaults when triaging an affected host.

    • Renames multiple (91) files with added filename extension

      Ninety-one files were renamed during the run with a new extension appended to the original name. This pattern is consistent with ransomware encrypting files on the system and marking each encrypted file with its extension.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes. Note that Windows 7 and later ignore autorun.inf on non-optical removable media (Microsoft also back-ported this change to XP and Vista via KB971029), so this is an attempt to propagate to legacy or deliberately reconfigured hosts; it is still a useful indicator on any drive that was attached during infection.

    • Drops file in System32 directory
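
    The three behaviours above that a responder most often has to confirm by hand (mass rename with an appended extension, autorun.inf at a volume root, and Winlogon Shell/Userinit tampering) can be re-checked from file-system and registry event logs. The script below is an added example, not the sandbox's own rule set: the event format, the 20-file threshold, the ".locked" extension and every path in SAMPLE_EVENTS are constructed for illustration, while the Winlogon default values are the real clean-install defaults.

```python
"""Toy re-implementation of three of the report's behavioural signatures
(mass rename with an added extension, autorun.inf dropped at a volume root,
Winlogon Shell/Userinit tampering). Added example; the event format, the
threshold and the sample events below are constructed, not the sandbox's."""
import ntpath
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Event:
    kind: str       # "rename", "write" or "regset"
    src: str        # rename: old path; write: path written; regset: value name
    dst: str = ""   # rename: new path; regset: new data


# Clean-install defaults of the two Winlogon values malware appends to.
WINLOGON = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
WINLOGON_DEFAULTS = {
    WINLOGON + r"\Shell": "explorer.exe",
    WINLOGON + r"\Userinit": r"C:\Windows\system32\userinit.exe,",
}


def added_extension(old: str, new: str) -> Optional[str]:
    """Return the suffix appended when `new` is `old` plus one more extension."""
    if ntpath.dirname(old).lower() != ntpath.dirname(new).lower():
        return None
    old_name, new_name = ntpath.basename(old), ntpath.basename(new)
    if new_name.lower().startswith(old_name.lower() + ".") and len(new_name) > len(old_name) + 1:
        return new_name[len(old_name):]
    return None


def mass_rename_extension(events: List[Event], threshold: int = 20) -> Dict[str, int]:
    """Extensions appended to at least `threshold` files (threshold is an assumption)."""
    counts: Counter = Counter()
    for e in events:
        if e.kind == "rename":
            ext = added_extension(e.src, e.dst)
            if ext:
                counts[ext.lower()] += 1
    return {ext: n for ext, n in counts.items() if n >= threshold}


def autorun_drops(events: List[Event]) -> List[str]:
    """autorun.inf written directly at a volume root (the only place Autorun reads it)."""
    hits = []
    for e in events:
        if e.kind != "write":
            continue
        _drive, rest = ntpath.splitdrive(e.src)
        if rest.strip("\\").lower() == "autorun.inf":
            hits.append(e.src)
    return hits


def winlogon_tampering(events: List[Event]) -> Dict[str, str]:
    """Winlogon Shell/Userinit set to anything other than the default data."""
    hits = {}
    for e in events:
        if e.kind == "regset" and e.src in WINLOGON_DEFAULTS:
            if e.dst.strip().lower() != WINLOGON_DEFAULTS[e.src].lower():
                hits[e.src] = e.dst
    return hits


def run_signatures(events: List[Event]) -> Dict[str, object]:
    """Map the report's signature names to whatever fired on these events."""
    return {
        "Renames multiple files with added filename extension": mass_rename_extension(events),
        "Drops autorun.inf file": autorun_drops(events),
        "Modifies WinLogon for persistence": winlogon_tampering(events),
    }


# Constructed sample: 25 documents renamed with ".locked", two benign renames,
# one autorun.inf at a removable-drive root, one in a user folder (not a root),
# and Shell appended with a dropped executable while Userinit stays at default.
SAMPLE_EVENTS: List[Event] = (
    [Event("rename", rf"C:\Users\victim\Documents\report{i}.docx",
           rf"C:\Users\victim\Documents\report{i}.docx.locked") for i in range(25)]
    + [Event("rename", r"C:\Users\victim\draft.txt", r"C:\Users\victim\final.txt"),
       Event("rename", r"C:\Temp\build.tmp", r"C:\Temp\build.exe"),
       Event("write", r"E:\autorun.inf"),
       Event("write", r"C:\Users\victim\autorun.inf"),
       Event("regset", WINLOGON + r"\Shell",
             r"explorer.exe,C:\Users\victim\AppData\Roaming\svc.exe"),
       Event("regset", WINLOGON + r"\Userinit", r"C:\Windows\system32\userinit.exe,")]
)

if __name__ == "__main__":
    for name, hit in run_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: {hit if hit else 'no hit'}")
```

    Feeding real Sysmon (event IDs 11 and 13) or sandbox file/registry logs into Event records is the only change needed to run this against a host; the rename check deliberately requires the old and new names to share a directory so that ordinary moves and "build.tmp -> build.exe" style renames do not count toward the threshold.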

MITRE ATT&CK Enterprise v15
