6f3f486d7a8409fc174198818c039152c6268bd9fdf210ee6be1c91bf832b7e9 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

EpicInstal...7c.msi

windows10-2004-x64

9

Resubmissions

02-02-2024 14:05

240202-rd2blsfgg8 9

02-02-2024 13:31

240202-qsr6taheaj 9

Sharing

General

Target

EpicInstaller-15.17.1-77e792b96a7b4c0ab32e22ddc857547c.msi
Size

176.5MB
Sample

240202-qsr6taheaj
MD5

7a2cf04ac0c504a8ea5aed805dde484d
SHA1

0536d7a178d1a42cea1476ea6b44bc53ed26bc63
SHA256

6f3f486d7a8409fc174198818c039152c6268bd9fdf210ee6be1c91bf832b7e9
SHA512

42aeed1d015ab279df3065e04adff8001672a13180f4d73121ace3bc8989783f12c7a5d0b50c684c74fd138fc1b4f451439acd7b6342d4f60c7d3a18034e0988
SSDEEP

3145728:oyKHxXZR5bsPL+buxE4ynkX+kKbtt3V8mIeDLhZ8muXNNE7byK88OmTZbOW/rXi:IP4PAwUnkuk8BNbLIxg7bUQ

Score

9^/10

discovery persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

EpicInstaller-15.17.1-77e792b96a7b4c0ab32e22ddc857547c.msi

Resource

win10v2004-20231215-en

discovery persistence ransomware

windows10-2004-x64

31 signatures

1800 seconds

Malware Config

Targets

- Target
  
  EpicInstaller-15.17.1-77e792b96a7b4c0ab32e22ddc857547c.msi
- Size
  
  176.5MB
- MD5
  
  7a2cf04ac0c504a8ea5aed805dde484d
- SHA1
  
  0536d7a178d1a42cea1476ea6b44bc53ed26bc63
- SHA256
  
  6f3f486d7a8409fc174198818c039152c6268bd9fdf210ee6be1c91bf832b7e9
- SHA512
  
  42aeed1d015ab279df3065e04adff8001672a13180f4d73121ace3bc8989783f12c7a5d0b50c684c74fd138fc1b4f451439acd7b6342d4f60c7d3a18034e0988
- SSDEEP
  
  3145728:oyKHxXZR5bsPL+buxE4ynkX+kKbtt3V8mIeDLhZ8muXNNE7byK88OmTZbOW/rXi:IP4PAwUnkuk8BNbLIxg7bUQ
Score

9^/10

discovery persistence ransomware
- Renames multiple (123) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Blocklisted process makes network request
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceransomware

© 2018-2025

Terms | Privacy