General

  • Target

    100cabbb8ae4b5a67800b648c6785506.exe

  • Size

    851KB

  • Sample

    240101-yp1msaghgn

  • MD5

    100cabbb8ae4b5a67800b648c6785506

  • SHA1

    a9958e0a952ac1c891677c5e2afc42abd50de2a8

  • SHA256

    cf763a7388c2b36a485bcf57ce334165a3dd18ad6d0ae36a0f2e24a2a4797e0e

  • SHA512

    23fb9d2dbf140e8443552a998441d74b820af7cd928b51e5da4aee65770bd423a0ef030400d88ae1a6e48a705987e435fab94675efc8c3c79a38cdd33aea6519

  • SSDEEP

    12288:Pp4pNfz3ymJnJ8QCFkxCaQTOl2KCsltHgD:xEtl9mRda1MIHk

Score
10/10

Malware Config

Targets

    • Target

      100cabbb8ae4b5a67800b648c6785506.exe

    • Size

      851KB

    • MD5

      100cabbb8ae4b5a67800b648c6785506

    • SHA1

      a9958e0a952ac1c891677c5e2afc42abd50de2a8

    • SHA256

      cf763a7388c2b36a485bcf57ce334165a3dd18ad6d0ae36a0f2e24a2a4797e0e

    • SHA512

      23fb9d2dbf140e8443552a998441d74b820af7cd928b51e5da4aee65770bd423a0ef030400d88ae1a6e48a705987e435fab94675efc8c3c79a38cdd33aea6519

    • SSDEEP

      12288:Pp4pNfz3ymJnJ8QCFkxCaQTOl2KCsltHgD:xEtl9mRda1MIHk

    Score
    10/10

    • Modifies WinLogon for persistence

    • Renames multiple (91) files with added filename extension

      This suggests ransomware activity, i.e. encryption of the files on the system.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks