General
-
Target
33f658a424fa30b55ddddaaf3c738b7e61d4949a777ea8f633fcbcb5fb436580
-
Size
22KB
-
Sample
240419-wzk9qscf71
-
MD5
c118fc46d74d08285ce1b5a3822a5c2f
-
SHA1
d9dbd55763267a49ee8a472753ee27af8f1fa1a9
-
SHA256
33f658a424fa30b55ddddaaf3c738b7e61d4949a777ea8f633fcbcb5fb436580
-
SHA512
daac3aa0197a649973fffdfe5fe6fc26d2c471de6ac412049fb1d133a6018cc571e7d2787d7c640f728ba618b775c684720299589bbd5b03c31796f19e937ecb
-
SSDEEP
384:DHJDXfQn0sy0ASe6KSe3rlbDYM2tJcyl/Ex+gtvy7tz0/1xf/Cxx9KmFteVlq:xQn31e6ReblbL2bZOx+gtvy7Mfn43vFP
Behavioral task
behavioral1
Sample
2cadd0ff146e1cdf1270894be4fb1523bfdcc7a31760e0ca5cfd9d8e6b525c21.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2cadd0ff146e1cdf1270894be4fb1523bfdcc7a31760e0ca5cfd9d8e6b525c21.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\readme-warning.txt
makop
Targets
-
-
Target
2cadd0ff146e1cdf1270894be4fb1523bfdcc7a31760e0ca5cfd9d8e6b525c21
-
Size
35KB
-
MD5
6ad6c98f75c3133b94026c2fdd06a6f1
-
SHA1
163dcb0b3da0c55dbbea71e55d47222c0162f650
-
SHA256
2cadd0ff146e1cdf1270894be4fb1523bfdcc7a31760e0ca5cfd9d8e6b525c21
-
SHA512
65ef60fdf4d986743cc60f4867d618aaf223513d2d61b6631226cdf1fd8e92168a1b2eee565d197716a7bc6718db093fc8020a20039a6041376cdd2d05ce2e12
-
SSDEEP
768:XnO6+QwxSRYG1lcjR4Q+aKj+XzMogluDAnMNJxKMh:XZ+QXSG1SjRryo5AnIJxKa
Score10/10-
Renames multiple (8296) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Indicator Removal
3File Deletion
3Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1