General

  • Target

    53d741965a14162b0fadcc237e571216.exe

  • Size

    762KB

  • Sample

    240111-y1ejpaffbr

  • MD5

    53d741965a14162b0fadcc237e571216

  • SHA1

    1fe7309a65b2073b7861ee3dfba7d84ec5beedf0

  • SHA256

    a11372e40aba93abe784ef911eab8176fa04b8a1fc4e9f9c018470b6bf36f70e

  • SHA512

    aa44d9848a6a73aed561ba7ed6c48eec546ee7816b57305b71744b01e8aa36313dd63d42246fa59d8f8394b6fdb00bdf641228953ac47d8f3da24623d6344182

  • SSDEEP

    12288:Tp4pNfz3ymJnJ8QCFkxCaQTOlOb47MMpXKb0hpC9B+V/Q:tEtl9mRda1rMMpXS0hpC9BiQ

Score
10/10

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Renames multiple (83) files with added filename extension

      This suggests ransomware activity, with the sample encrypting files across the system.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks