48db7f40db76b3820b5c47d30f4cb99b79e755cbf61dddd6f2012f26eea52c9a | Triage

Sharing

General

Target

malware.txt
Size

5KB
Sample

240519-sqya6acf79
MD5

97b26482ceb60d0f7cddfc0ca528f9ef
SHA1

0aa4343f9a757f864d617279fa4766b0a38ce72f
SHA256

48db7f40db76b3820b5c47d30f4cb99b79e755cbf61dddd6f2012f26eea52c9a
SHA512

5d1a5ee7ea521ceff427c402527bfba365579e25892a029d0d9ed77fe4b22c453c18fe48e24d275e090c00d2efb2e0adcf753e1658b2c061de61ea52b43c1af0
SSDEEP

96:qD5YNb8mN8r9f4PPfMSHnx2gqoij8RW8E/zmdPzWdEKuWP2W9NukS/MNa:qD5YqrZgX7yrCdPidfbU0a

Score

10^/10

discovery evasion execution exploit persistence ransomware trojan

Malware Config

Targets

- Target
  
  malware.txt
- Size
  
  5KB
- MD5
  
  97b26482ceb60d0f7cddfc0ca528f9ef
- SHA1
  
  0aa4343f9a757f864d617279fa4766b0a38ce72f
- SHA256
  
  48db7f40db76b3820b5c47d30f4cb99b79e755cbf61dddd6f2012f26eea52c9a
- SHA512
  
  5d1a5ee7ea521ceff427c402527bfba365579e25892a029d0d9ed77fe4b22c453c18fe48e24d275e090c00d2efb2e0adcf753e1658b2c061de61ea52b43c1af0
- SSDEEP
  
  96:qD5YNb8mN8r9f4PPfMSHnx2gqoij8RW8E/zmdPzWdEKuWP2W9NukS/MNa:qD5YqrZgX7yrCdPidfbU0a
Score

10^/10

discovery evasion execution exploit persistence ransomware trojan
- UAC bypass
  evasion trojan
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Creates new service(s)
  persistence execution
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Modifies Windows Firewall
  evasion
- Possible privilege escalation attempt
  exploit
- Modifies file permissions
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

System Services

Service Execution

Command and Scripting Interpreter

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Disable or Modify System Firewall

Modify Registry

File and Directory Permissions Modification

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

discoveryevasionexecutionexploitpersistenceransomwaretrojan