Overview

overview

10

Static

static

3

f38949dac0...6c.exe

windows7-x64

10

f38949dac0...6c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f38949dac0ebf8040648e8a95b1f06ad90cfe1242cc5c227707ac47f250fa56c.sample

  • Size

    419KB

  • Sample

    240227-wm6d5sga7x

  • MD5

    17073229079e31a3190e7a8509302b22

  • SHA1

    6ed12dade62a8e420c5b5b295ddd6c4ce83b9549

  • SHA256

    f38949dac0ebf8040648e8a95b1f06ad90cfe1242cc5c227707ac47f250fa56c

  • SHA512

    7afe620f907740393f021fcd337aaf5ed8b5e903aab3ed592d8695a1d877e41094bbc9aca20e8062c11acf2e288bd96033ffa08544d926be5493be26cb79c647

  • SSDEEP

    6144:4CmPvkrISw8ZMQsFMFEXmtT+n4CQi2oD9HoZwIYaTR/dXszI2lUC4c:L3W6MoFlV+n4CQRoD9IygT/L

Score
10/10
evasionpersistenceransomware

Malware Config

Targets

    • Target

      f38949dac0ebf8040648e8a95b1f06ad90cfe1242cc5c227707ac47f250fa56c.sample

    • Size

      419KB

    • MD5

      17073229079e31a3190e7a8509302b22

    • SHA1

      6ed12dade62a8e420c5b5b295ddd6c4ce83b9549

    • SHA256

      f38949dac0ebf8040648e8a95b1f06ad90cfe1242cc5c227707ac47f250fa56c

    • SHA512

      7afe620f907740393f021fcd337aaf5ed8b5e903aab3ed592d8695a1d877e41094bbc9aca20e8062c11acf2e288bd96033ffa08544d926be5493be26cb79c647

    • SSDEEP

      6144:4CmPvkrISw8ZMQsFMFEXmtT+n4CQi2oD9HoZwIYaTR/dXszI2lUC4c:L3W6MoFlV+n4CQRoD9IygT/L

    Score
    10/10
    evasionpersistenceransomware

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Renames multiple (210) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Deletes System State backups

      Uses wbadmin.exe to inhibit system recovery.

      ransomware

    • Modifies Installed Components in the registry

      persistence

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks