f0424f67134d4761a836bd18507de8a758b5b7204282cf14ad0be04e91f28f32 | Triage

Submit
Reports

Overview

overview

Static

static

f0424f6713...32.exe

windows7-x64

9

f0424f6713...32.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

f0424f67134d4761a836bd18507de8a758b5b7204282cf14ad0be04e91f28f32.sample
Size

129KB
Sample

240227-wmkgnsga6w
MD5

3e6613fb7521062d41826e4460f7d630
SHA1

7136124383c127028e91946a7b1cb942088cf3d9
SHA256

f0424f67134d4761a836bd18507de8a758b5b7204282cf14ad0be04e91f28f32
SHA512

9cc6f870c2f64460231481f93d86fe0b2a4f2bcf98d4893faa0dacf239db56be4be460ae17aa8e8067d3c4e1220d405db2f5eba4a42583851069ea518d8526ac
SSDEEP

3072:VLbLpVIYbQf91G3im/2Ef07Jysg1n8Ovz4pt6YwSabakoEMQB/jS3fevYugrO6OL:VTpVPnx6aako0BSvmYBrrOu3SbuO06

Score

10^/10

ransomware

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

f0424f67134d4761a836bd18507de8a758b5b7204282cf14ad0be04e91f28f32.exe

Resource

win7-20240221-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

f0424f67134d4761a836bd18507de8a758b5b7204282cf14ad0be04e91f28f32.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  f0424f67134d4761a836bd18507de8a758b5b7204282cf14ad0be04e91f28f32.sample
- Size
  
  129KB
- MD5
  
  3e6613fb7521062d41826e4460f7d630
- SHA1
  
  7136124383c127028e91946a7b1cb942088cf3d9
- SHA256
  
  f0424f67134d4761a836bd18507de8a758b5b7204282cf14ad0be04e91f28f32
- SHA512
  
  9cc6f870c2f64460231481f93d86fe0b2a4f2bcf98d4893faa0dacf239db56be4be460ae17aa8e8067d3c4e1220d405db2f5eba4a42583851069ea518d8526ac
- SSDEEP
  
  3072:VLbLpVIYbQf91G3im/2Ef07Jysg1n8Ovz4pt6YwSabakoEMQB/jS3fevYugrO6OL:VTpVPnx6aako0BSvmYBrrOu3SbuO06
Score

9^/10

ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Renames multiple (2209) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy