General

  • Target: ae2b7b9558ccb84393dc9805186a90ce

  • Size: 656KB

  • Sample: 240229-lcsp7ach36

  • MD5: ae2b7b9558ccb84393dc9805186a90ce

  • SHA1: cfcf022cee54d70c28a44ec82fdb2b151bf29a46

  • SHA256: 39c67c0c86de0db51f75149ae415b71251c63ac42c763588d36e8f091000e064

  • SHA512: 5acd90e04741dcc9c7324106d916fab298480329a7215526a79e9e08d2344b2ec61120eb8cbe4520d659a1e952428f988caf473c0f2594b590e1129b44a15919

  • SSDEEP: 12288:Pp4pNfz3ymJnJ8QCFkxCaQTOl2KCsltHI:xEtl9mRda1MIHI

Score
10/10

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Renames multiple (91) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks