General
-
Target
samples3.zip
-
Size
1.5MB
-
Sample
240101-sv2t5sdbdr
-
MD5
c03fcbff1eb9c1f121a8b49e9c89fd32
-
SHA1
327c876c64bd3046e1ac9a16f246d13ca06b8a09
-
SHA256
b23cb04afe59fee16c95ef5d24a67cb493d4ea88b62f6996e54493548acad6c2
-
SHA512
98aab9ff1965d0f41738241189878132cdb7e2035b974ff7a79f424320935760c0ceb18d40b019a3d55c4961b172a0c793ac5129525755ebfca079a063c8e6ff
-
SSDEEP
24576:WEJ3zt4o+oLXY8KefDWjAGu8km5vnx42IZjJhZhCD97aWMKIMKFrE:fzzjKerHivnx/IZjJ67aWZIMaE
Behavioral task
behavioral1
Sample
samples3.zip
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
samples3.zip
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
05cf6eee9b0b2c049cec8ce775de0636ade55f23a51dc833170f09445719abb3.exe
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
05cf6eee9b0b2c049cec8ce775de0636ade55f23a51dc833170f09445719abb3.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
0d332c04780976b3cf6d505b5d7060c2f40399f581a8629885ad086e967f68a7.exe
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
0d332c04780976b3cf6d505b5d7060c2f40399f581a8629885ad086e967f68a7.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral7
Sample
0fd8500fdef116abae01a1dcfed2db9784bbcb753488710aa1048f2aa0fd111e.exe
Resource
win7-20231215-en
Behavioral task
behavioral8
Sample
0fd8500fdef116abae01a1dcfed2db9784bbcb753488710aa1048f2aa0fd111e.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral9
Sample
11edf9436a9205c88c2a815cf6ebfb0a7a42eb150a2649766b3bb30350ee35ed.pdf
Resource
win7-20231215-en
Behavioral task
behavioral10
Sample
11edf9436a9205c88c2a815cf6ebfb0a7a42eb150a2649766b3bb30350ee35ed.pdf
Resource
win10v2004-20231222-en
Behavioral task
behavioral11
Sample
19a640415bb2bbc2f2624c204f6c5771b908b6c54b88976eb0daa76a29af255c.exe
Resource
win7-20231215-en
Behavioral task
behavioral12
Sample
19a640415bb2bbc2f2624c204f6c5771b908b6c54b88976eb0daa76a29af255c.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral13
Sample
33aa57b04bbdcf9617ed334dda4aee9502be652771899c75937f0e1223c7e2cb.exe
Resource
win7-20231215-en
Behavioral task
behavioral14
Sample
33aa57b04bbdcf9617ed334dda4aee9502be652771899c75937f0e1223c7e2cb.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral15
Sample
3643464a225aa2ad5c9c9657d4fd05b943fdd9c04ca36b9d3610a04332909d19.exe
Resource
win7-20231215-en
Behavioral task
behavioral16
Sample
3643464a225aa2ad5c9c9657d4fd05b943fdd9c04ca36b9d3610a04332909d19.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral17
Sample
37e2f977559a58cb33f7128ad7699a5c4f7c0013d8d83b1eda93a59ae35ba526.exe
Resource
win7-20231129-en
Behavioral task
behavioral18
Sample
37e2f977559a58cb33f7128ad7699a5c4f7c0013d8d83b1eda93a59ae35ba526.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral19
Sample
54cd11236fdc2a40b505598541f64e8a6bd9ea84552b6d5946777badf8a2b7ff.exe
Resource
win7-20231215-en
Behavioral task
behavioral20
Sample
54cd11236fdc2a40b505598541f64e8a6bd9ea84552b6d5946777badf8a2b7ff.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral21
Sample
55bc661ad4439400fc434fd6bab66f598c7272854f0453b451e31b84265eff8c.exe
Resource
win7-20231215-en
Behavioral task
behavioral22
Sample
55bc661ad4439400fc434fd6bab66f598c7272854f0453b451e31b84265eff8c.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral23
Sample
603d665f09a9a199a4b5b9f8d1841a07ae9c525f275fc54c7cb15953d73ff568.exe
Resource
win7-20231129-en
Behavioral task
behavioral24
Sample
603d665f09a9a199a4b5b9f8d1841a07ae9c525f275fc54c7cb15953d73ff568.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral25
Sample
6ea27a08617ed35f8340fcc9eda5ccd7316eed9b192e3a7efd4cd5e1b8a4fc7e.exe
Resource
win7-20231129-en
Behavioral task
behavioral26
Sample
6ea27a08617ed35f8340fcc9eda5ccd7316eed9b192e3a7efd4cd5e1b8a4fc7e.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral27
Sample
73af283fcb06a9ea35ea6ad24b62b302459594f4b09dbba2d74001bf90ab020c.exe
Resource
win7-20231215-en
Behavioral task
behavioral28
Sample
73af283fcb06a9ea35ea6ad24b62b302459594f4b09dbba2d74001bf90ab020c.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral29
Sample
7e41197b74e2dcc6c0563d4b71a4ad16293909889ce4f1c5ab214bdd59088667.exe
Resource
win7-20231215-en
Behavioral task
behavioral30
Sample
7e41197b74e2dcc6c0563d4b71a4ad16293909889ce4f1c5ab214bdd59088667.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral31
Sample
a878fed05519b4e0898e26a79cc646c0bb7b9e380c94f06baecc750f0ab97b99.exe
Resource
win7-20231215-en
Behavioral task
behavioral32
Sample
a878fed05519b4e0898e26a79cc646c0bb7b9e380c94f06baecc750f0ab97b99.exe
Resource
win10v2004-20231222-en
Malware Config
Extracted
C:\info.hta
http://www.w3.org/TR/html4/strict.dtd'>
Targets
-
-
Target
samples3.zip
-
Size
1.5MB
-
MD5
c03fcbff1eb9c1f121a8b49e9c89fd32
-
SHA1
327c876c64bd3046e1ac9a16f246d13ca06b8a09
-
SHA256
b23cb04afe59fee16c95ef5d24a67cb493d4ea88b62f6996e54493548acad6c2
-
SHA512
98aab9ff1965d0f41738241189878132cdb7e2035b974ff7a79f424320935760c0ceb18d40b019a3d55c4961b172a0c793ac5129525755ebfca079a063c8e6ff
-
SSDEEP
24576:WEJ3zt4o+oLXY8KefDWjAGu8km5vnx42IZjJhZhCD97aWMKIMKFrE:fzzjKerHivnx/IZjJ67aWZIMaE
Score 1/10
-
-
Target
05cf6eee9b0b2c049cec8ce775de0636ade55f23a51dc833170f09445719abb3
-
Size
96KB
-
MD5
4bf4c29c3df1965b88cbbbd80f9706e1
-
SHA1
8c9a4a9c70aca458f8e69ec810956795f64fc519
-
SHA256
05cf6eee9b0b2c049cec8ce775de0636ade55f23a51dc833170f09445719abb3
-
SHA512
8c77048296c30a333a890762b7480c9c13cbe621e766408021f8b30d794e61abde942549720fe486690962494282a2bbd2d1ad205cfe180047bed5bf7d2657b4
-
SSDEEP
1536:oNmzHAF+PuOwZ01Bh1HcRAI92PeCKrrqdsicjgzqSkhrGK7YMUV3P:ozX+1Bs2PaOKicjQYrRDA/
Score 1/10
-
-
Target
0d332c04780976b3cf6d505b5d7060c2f40399f581a8629885ad086e967f68a7
-
Size
92KB
-
MD5
6c482e3d0fdc8af0182d543371ca5176
-
SHA1
e4de59423b77477cc593b7f31d08252107444524
-
SHA256
0d332c04780976b3cf6d505b5d7060c2f40399f581a8629885ad086e967f68a7
-
SHA512
ed217f7c2a0b0ca7716c0c04dc369598371d997590437f70ce68147276ef0cc8e3539306abcd5d16266dc5d4a6b984eab9e8fc5348dc2f6607ddea3eed4e0411
-
SSDEEP
1536:ReybNDac/BiUkGgxjDUsFFtZjSrHOUTS6r17Y4HbmxwRwW:lNDgUm5Fi6Uu6r17p7zV
Score 9/10
Renames multiple (9950) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Modifies Installed Components in the registry
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
-
-
Target
0fd8500fdef116abae01a1dcfed2db9784bbcb753488710aa1048f2aa0fd111e
-
Size
158KB
-
MD5
f8a89c8681173db7366fee4a3147b0cf
-
SHA1
9f7a8a330e6f493e995d1623f3ff987cf89bba4a
-
SHA256
0fd8500fdef116abae01a1dcfed2db9784bbcb753488710aa1048f2aa0fd111e
-
SHA512
4c1171a22522b4d3abcc733ad95ff45cf0935eff5fb34935b64fb3d2f519dadeca1576b2833b0f7dee929803e77e0c5ca6896c79d91a5c96272f6e8e90e8489b
-
SSDEEP
3072:LEbo5Dei1JEo+eip7trJ7c+BaqhSVbKEIvZJqhWSpIBiih1:LMoQlohixtrJzBaBJKLOhEQih
Score 1/10
-
-
Target
11edf9436a9205c88c2a815cf6ebfb0a7a42eb150a2649766b3bb30350ee35ed
-
Size
184KB
-
MD5
88bca052a833461e2dd2b3170fff76c0
-
SHA1
1304478347bd7f47b84cd39ffc545ac1f55707c1
-
SHA256
11edf9436a9205c88c2a815cf6ebfb0a7a42eb150a2649766b3bb30350ee35ed
-
SHA512
098639ca995bcc33b1a309c3add6a60b9ab69e527dedf7005ac0c8dcc21e30070460bc7fec4b73ede0cd475244c03a6fad527f4732bb3dd559a5f9a0e34526c6
-
SSDEEP
3072:XT8Q2YM+ti7mMzJ5HQOEzsTKshIK7Yw31MXM2fbGBeaIIadcXnMFGoF:j8epiyiwl01MTc2jGQjZdc6GoF
Score 1/10
-
-
Target
19a640415bb2bbc2f2624c204f6c5771b908b6c54b88976eb0daa76a29af255c
-
Size
145KB
-
MD5
fd946ba0ca811f8f5cddba5c4634fd64
-
SHA1
02536e5089857fd7421a50adb07fe871593d5b9f
-
SHA256
19a640415bb2bbc2f2624c204f6c5771b908b6c54b88976eb0daa76a29af255c
-
SHA512
b50b8bbd93bf00e9d89cadc99900211d5b7a3d3e0f5d450445435ea498ee58be80151f608912244f55e9ad2f907fa896f66389d987b8d3b1a470ad257d7414e8
-
SSDEEP
3072:Tv/FR9m6kfHpVC1pY8iblkCIax6CdAje+QlLC+Q/eJRhz8Jmu+X:j/f9m6g42xqQVSD
Score 10/10
Modifies boot configuration data using bcdedit
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Drops startup file
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
-
-
Target
33aa57b04bbdcf9617ed334dda4aee9502be652771899c75937f0e1223c7e2cb
-
Size
46KB
-
MD5
8bcffc24d7a50cdff0c52c46a7a124fa
-
SHA1
f6e439f1503c727deb6d2a5d09b4a455728a0217
-
SHA256
33aa57b04bbdcf9617ed334dda4aee9502be652771899c75937f0e1223c7e2cb
-
SHA512
e87023b4f56852a9f8f340f8476dc2d91d1216845816fcf74fe561b625de18628b9f3e1fe21236b20066dd83838d6d6ea4338424a89b998c7e82edf6e829fb2c
-
SSDEEP
768:7HQRmGZ1BcDZzEdjRBeV6rgd7Ai4XqobtXg6aKlnRSc:7dGO6ddBesrgd0iuq2tXg6hlh
Score 6/10
Adds Run key to start application
-
-
-
Target
3643464a225aa2ad5c9c9657d4fd05b943fdd9c04ca36b9d3610a04332909d19
-
Size
187KB
-
MD5
5239186df089b14d776b1438bc495878
-
SHA1
40a0689b89576ce865f3b5eddb18acb679219704
-
SHA256
3643464a225aa2ad5c9c9657d4fd05b943fdd9c04ca36b9d3610a04332909d19
-
SHA512
eb235607d70e70cc5eea1102582b599ec483aee5b8fdb8dd6524952230746bfefa5316bf31c78eee43e9d61bd6736cc973f8c45cbd175ae93bc960f10cb2a3da
-
SSDEEP
1536:giTQB4GEf+C6P7Pr/yIcavDI47BHs7E5FGcAfKYelzgvf5nBbN+JRiHZ/niduyZx:g3B4/WC6P77yIlJdR20UBY5duyKp5c
Score 3/10
-
-
Target
37e2f977559a58cb33f7128ad7699a5c4f7c0013d8d83b1eda93a59ae35ba526
-
Size
48KB
-
MD5
13a5784e5e7429fc4b5bfca4adb68496
-
SHA1
612bd66c936396b789dcd2ff2132932b7d411d2a
-
SHA256
37e2f977559a58cb33f7128ad7699a5c4f7c0013d8d83b1eda93a59ae35ba526
-
SHA512
cb1e4aae816b510877806d71a6c594f9beecc73b7043de9230233a22cc63dfd07ffde46b7b0ca0ab617dbbaf4cb29cd3e1643672ba18eaa65b825f223b8412f8
-
SSDEEP
768:3oyDyGQf9/NCbfdgqSlDrJ4UQwxqj4HitVdXPT8B6u5PYuFm:3XQ9/8RhkO5j4HwXfT85PYGm
Score 1/10
-
-
Target
54cd11236fdc2a40b505598541f64e8a6bd9ea84552b6d5946777badf8a2b7ff
-
Size
163KB
-
MD5
f435c9ea441e60844f6cd74a3d7510c1
-
SHA1
8cf5e06091086822efea0e6e1d3acdaee6c56f95
-
SHA256
54cd11236fdc2a40b505598541f64e8a6bd9ea84552b6d5946777badf8a2b7ff
-
SHA512
c529064ec99ead01fa97ba0e309cbf5c8d263a3537605115a884e888a2ef1865691216eb96c8f6ca023d41ec74041cc9128dacca51e2d9585e7e10e6eb914e6c
-
SSDEEP
3072:00tTiVVFj3dTcAskPC+G4+6mIc4RmwE4j2lmm4c+JttZOKih7bDHLLbD:0VVLTnq+upI5Rmww/GtZObvbD
Score 6/10
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
55bc661ad4439400fc434fd6bab66f598c7272854f0453b451e31b84265eff8c
-
Size
63KB
-
MD5
8631a8f38c49a008fa27a1206378e144
-
SHA1
b13d05d99b91fdff5802660218d26c4811e062a0
-
SHA256
55bc661ad4439400fc434fd6bab66f598c7272854f0453b451e31b84265eff8c
-
SHA512
989e642115b8453e5b806e70914243f728d38d29493cb75b49981dd390ad155502b2998bb435ec8f9e88ef0a4ca8921fd7a54f5685c4aef5167ee1a0ea16dee0
-
SSDEEP
768:FWSro9/JJCAaXRCZ+W8UVVMKccxkujVuIbRr4R9FF2GRz:4SE/Db0a+8BccxcIbV4zxz
Score 9/10
Renames multiple (52) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Loads dropped DLL
-
-
-
Target
603d665f09a9a199a4b5b9f8d1841a07ae9c525f275fc54c7cb15953d73ff568
-
Size
45KB
-
MD5
a0c64acfd1267947bc76ff8e44d0bd7c
-
SHA1
83d882a0ef6536d2bcb19e6754b5c3364c1f4459
-
SHA256
603d665f09a9a199a4b5b9f8d1841a07ae9c525f275fc54c7cb15953d73ff568
-
SHA512
822dbc0fb22217d693a717a52aa73627ad076a2fd808f1730639dc86324e02a20b1cc740cdec495ea2f55585d10de84a05ea68b66e42f6200fad99d807160d74
-
SSDEEP
768:Z8Tonah98DUrTu+VxRtR3JKgVdXPauv1yzblwBG:Z8IA98I++bLR3BXfl1yXyc
Score 1/10
-
-
Target
6ea27a08617ed35f8340fcc9eda5ccd7316eed9b192e3a7efd4cd5e1b8a4fc7e
-
Size
58KB
-
MD5
c41858fceca5148ce899e350bf6b2651
-
SHA1
9a9961d05631c8345a1b8b9ea0b95063d946fb8e
-
SHA256
6ea27a08617ed35f8340fcc9eda5ccd7316eed9b192e3a7efd4cd5e1b8a4fc7e
-
SHA512
2ecf0cf9753b521f1393a62d4d411e99924620086e315164ec1f30f30353eb99eaecfc610553e66bcecb091109e979798d5057db925c21263f74da7d7135a2d5
-
SSDEEP
768:xilH4hDEJbQpg4R+QokagvBexAb5BMX+nXVoVq3QXNTrsjTZD+UknIzyv3n6Ul4u:YqJEpeg4RXoMsu5tK90jTbknIsFo6
Score 3/10
-
-
Target
73af283fcb06a9ea35ea6ad24b62b302459594f4b09dbba2d74001bf90ab020c
-
Size
125KB
-
MD5
989d0f34c3f5e1688071cc058e49f6cf
-
SHA1
d57d9bc46d6a0228cde494d843becdadbf070d7d
-
SHA256
73af283fcb06a9ea35ea6ad24b62b302459594f4b09dbba2d74001bf90ab020c
-
SHA512
83949f0d0cf5b22ea48d4098ca430edcdc857ef0abf2ab45e7b8feffd906a351991af100bc94ad829155375ff2426d7364084da29c63e89d7e3c10a67d44747a
-
SSDEEP
3072:RwNZx8JGA9ZDsjHl+lIvPpKKvq9aqBJLxFfVK9Y:SgnsjF15x/CJLfM9
Score 8/10
Disables Task Manager via registry modification
-
-
-
Target
7e41197b74e2dcc6c0563d4b71a4ad16293909889ce4f1c5ab214bdd59088667
-
Size
153KB
-
MD5
91e890f3e0f1f456486445816797a221
-
SHA1
244741c1514206d953d5d4767fd0c3dd48cfc6d7
-
SHA256
7e41197b74e2dcc6c0563d4b71a4ad16293909889ce4f1c5ab214bdd59088667
-
SHA512
c91287ea947bc43a7c1d54028e487e8df88b4cbce07e0c607fa35d6849189b4f2efb472b1cc80bc2668ff7e9553d28e852a021c8cccd551ecb3d6b1db0e36f5d
-
SSDEEP
768:oS+1pDY5Kp+ByAAAAAAAAAAAAAAAAAAAAzAAAAAAAAAAAAAAAHtAAAAAAAAAAAA3:b+1pc0sB5QV0TGE
Score 9/10
Renames multiple (66) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
-
-
Target
a878fed05519b4e0898e26a79cc646c0bb7b9e380c94f06baecc750f0ab97b99
-
Size
185KB
-
MD5
f1dd63587760176e8a57c378ed2113c1
-
SHA1
21ad96148b4f65bad4d7f28fb422a112c19e9b18
-
SHA256
a878fed05519b4e0898e26a79cc646c0bb7b9e380c94f06baecc750f0ab97b99
-
SHA512
9bbafa10779f2d1eb210254d48f2df62cc40fa6445b7a1a6b2d24a485e036098025c0d8cd39524b7fb496f53e31b49f3c0783cf0718e65c99e42685e9379b6ad
-
SSDEEP
3072:lVnUZh5lgIS4YU3KEvOnEVV5KbHyM+lmsolAIrRuw+mqv9j1MWLQLmbY:lVU35lvS4YiWnEVV0bR+lDAAVb
Score 3/10
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Boot or Logon Autostart Execution: 4
Registry Run Keys / Startup Folder: 4
Create or Modify System Process: 1
Windows Service: 1
Pre-OS Boot: 1
Bootkit: 1
Privilege Escalation
Boot or Logon Autostart Execution: 4
Registry Run Keys / Startup Folder: 4
Create or Modify System Process: 1
Windows Service: 1
Defense Evasion
Modify Registry: 6
Indicator Removal: 2
File Deletion: 2
Pre-OS Boot: 1
Bootkit: 1