General

  • Target: b53821763b0ffa95a25a34d0cf4491c3
  • Size: 8.5MB
  • Sample: 240305-vphkescg98
  • MD5: b53821763b0ffa95a25a34d0cf4491c3
  • SHA1: 7aa6bd945d2f8d12d5678ed2cb27d11000bd4706
  • SHA256: e2e07f570ea32094d9752e3f5ea67fbf12d4733305ba064e6ee684610fb2c8a1
  • SHA512: 96d947dc565936360e6a0151bafa8d46dba85b5ce7809042284fb6a171bb8b6805468a5fccae87953c58feb8e8dcbcede1b8656f0e649fca07edd95930ab67f2
  • SSDEEP: 49152:iEs1zB8NIMI8Sfpwotkzaxc1OGz8lTpKXl537:iE2UIMzKpXOMGQlTpKXl5L

Score: 10/10

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Renames multiple (91) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks