90498c885f4ec21badd948cb84f81a846bf853de58551248df94c9dd9b074fd8 | Triage

Submit
Reports

Overview

overview

Static

static

3

Thorium_SS...33.zip

windows10-2004-x64

Sharing

General

Target

Thorium_SSE3_123.0.6312.133.zip
Size

257.1MB
Sample

240425-za4assed42
MD5

9ea8abfc92f30a3f75d6494f5798277e
SHA1

217830880c52b95cf0f8d36f4c0edc0ce4712513
SHA256

90498c885f4ec21badd948cb84f81a846bf853de58551248df94c9dd9b074fd8
SHA512

b929408e983044791caedc36177e4de4d49bae640f62f6c7e2d45e8b12b5ecbda8c437d51d26fb34c94af54a946e1302207ca0c2b8a02a3d657ba70f43c49e47
SSDEEP

6291456:zjySOrZxK4R3rNiEnTn2kLWgr5kN6k1104yDD80qE5pCEa1Ln3i7:zMjb5f2Wfr5kN6g10LE0qE+Ea1u7

Score

10^/10

discovery evasion persistence ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Thorium_SSE3_123.0.6312.133.zip

Resource

win10v2004-20240412-en

discovery evasion persistence ransomware

windows10-2004-x64

28 signatures

1200 seconds

Malware Config

Targets

- Target
  
  Thorium_SSE3_123.0.6312.133.zip
- Size
  
  257.1MB
- MD5
  
  9ea8abfc92f30a3f75d6494f5798277e
- SHA1
  
  217830880c52b95cf0f8d36f4c0edc0ce4712513
- SHA256
  
  90498c885f4ec21badd948cb84f81a846bf853de58551248df94c9dd9b074fd8
- SHA512
  
  b929408e983044791caedc36177e4de4d49bae640f62f6c7e2d45e8b12b5ecbda8c437d51d26fb34c94af54a946e1302207ca0c2b8a02a3d657ba70f43c49e47
- SSDEEP
  
  6291456:zjySOrZxK4R3rNiEnTn2kLWgr5kN6k1104yDD80qE5pCEa1Ln3i7:zMjb5f2Wfr5kN6g10LE0qE+Ea1u7
Score

10^/10

discovery evasion persistence ransomware
- Suspicious use of NtCreateProcessExOtherParentProcess
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Blocklisted process makes network request
- Downloads MZ/PE file
- Modifies Installed Components in the registry
  persistence
- Deletes itself
- Executes dropped EXE
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

discoveryevasionpersistenceransomware

© 2018-2024

Terms | Privacy