Overview

overview

10

Static

static

7

Creative_C...Up.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Creative_Cloud_Set-Up.exe

  • Size

    2.9MB

  • Sample

    240109-wqgvysgbh6

  • MD5

    d1bcdc30666ad910129e93995cf4acf2

  • SHA1

    ceed69d697eaad079b35114244b98f5e9091f800

  • SHA256

    aec42a5fd30ce3795d838d1329cdaec3957db1c7cc0f6ad10e92688af4c09614

  • SHA512

    cfb672473f2a06138cecb5a1844fc792f87392cface545f9ca3a633f4cf65ebc4ff174548fae8ebe6a7e6c7a127fa92672a909b1935ef50b622ea9b2c9731e0f

  • SSDEEP

    49152:LnvDCJz5CkjOfrHPSYGin/0TXOZwEBteYoMK76QhrTeryxwbn4IyeWp7msTYYEac:LrqzVErIinMjOZzsDT0LntNFmdEa5Jen

Score
10/10
adobediscoveryphishingransomwareupx

Malware Config

Targets

    • Target

      Creative_Cloud_Set-Up.exe

    • Size

      2.9MB

    • MD5

      d1bcdc30666ad910129e93995cf4acf2

    • SHA1

      ceed69d697eaad079b35114244b98f5e9091f800

    • SHA256

      aec42a5fd30ce3795d838d1329cdaec3957db1c7cc0f6ad10e92688af4c09614

    • SHA512

      cfb672473f2a06138cecb5a1844fc792f87392cface545f9ca3a633f4cf65ebc4ff174548fae8ebe6a7e6c7a127fa92672a909b1935ef50b622ea9b2c9731e0f

    • SSDEEP

      49152:LnvDCJz5CkjOfrHPSYGin/0TXOZwEBteYoMK76QhrTeryxwbn4IyeWp7msTYYEac:LrqzVErIinMjOZzsDT0LntNFmdEa5Jen

    Score
    10/10
    adobediscoveryphishingransomwareupx

    • Detected adobe phishing page

      phishingadobe

    • Renames multiple (162) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Discovery

Query Registry

4
T1012

System Information Discovery

4
T1082

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks