General

Target: 2024010680d761f058f9c348b62c0bed3d0d7144lock.exe
Size: 255KB
Sample: 240107-x12tjsdbh2
MD5: 80d761f058f9c348b62c0bed3d0d7144
SHA1: 97d064c0cc08cead365e3f31c13ea3c5f2870911
SHA256: a94ff774cc6a77bd38b391e73eddbd31576f2f2cebcd46fa01d8a75b596142cb
SHA512: 270de0950ae9f231cda5b61f46215a9e4b78eaf0bef8d49d3bcdd5ccd1599abff835f5db00162da87897121c4d5e6773d6bf23003b89f8ef58ddd038718b1703
SSDEEP: 6144:9mZ1LV5gs78D7o1dQPUJM5SJGg+5eYtk/:kZ1L8x6QPUJ4SJGg+59tk/
Static task: static1

Behavioral task: behavioral1
Sample: 2024010680d761f058f9c348b62c0bed3d0d7144lock.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 2024010680d761f058f9c348b62c0bed3d0d7144lock.exe
Resource: win10v2004-20231222-en
Malware Config

Targets

Target: 2024010680d761f058f9c348b62c0bed3d0d7144lock.exe
(size and hashes as listed under General above)
Score: 10/10

Signatures:
- Modifies visibility of file extensions in Explorer
- Renames multiple (75) files with added filename extension. This suggests ransomware activity: encrypting all the files on the system.
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15

Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)