General

Target: 26cb0acf255d8f94ae4b372c29cb868a5712fff6599e12f0c5095b1b34caf65f
Size: 266KB
Sample: 240522-yj5pjseb8x
MD5: 16d1fe225c942cd87235dbfd37563773
SHA1: 6e71f593b29f9c9c07e8807cb24e128dc341667e
SHA256: 26cb0acf255d8f94ae4b372c29cb868a5712fff6599e12f0c5095b1b34caf65f
SHA512: 583d1b426f1bb90f03342a1b41e6d1186db7db750234822fd32de170a43ef981bd7130c97ccde28611d1c3d39c03cecd9ae7e037526eb325842dd09cb2b49bf0
SSDEEP: 6144:7eC7j4LWPrkza2hCddJr6tsLA7KZs1MnluSxVjYmTApHzua8/Wtv:7b0aPrcavnrOxGsy0Szkm8pHzuiv
Static task: static1

Behavioral task: behavioral1
Sample: 26cb0acf255d8f94ae4b372c29cb868a5712fff6599e12f0c5095b1b34caf65f.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 26cb0acf255d8f94ae4b372c29cb868a5712fff6599e12f0c5095b1b34caf65f.exe
Resource: win10v2004-20240508-en
Malware Config

Targets

Target: 26cb0acf255d8f94ae4b372c29cb868a5712fff6599e12f0c5095b1b34caf65f
Size: 266KB
Score: 10/10

- Modifies visibility of file extensions in Explorer
- Renames multiple (57) files with added filename extension
  This suggests ransomware activity: files across the system are being encrypted and given a new extension.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
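One way to apply the same behavioural heuristics to sandbox events offline, as an added example that is not part of this report or of the sandbox's own signature code: it parses constructed sandbox-style events (rename and registry operations, invented here), counts renames that append an extension, and flags the registry activity behind the location, Explorer and Run-key signatures. The registry paths used are the usual Windows locations for those settings and are assumptions; the report does not state which keys this sample touched, and the 57-file count is only reproduced in the constructed input.

```python
from collections import Counter

# Added example, not the sandbox's signature code. The registry locations below are
# the usual Windows keys for these settings and are assumptions, not values the
# report states for this sample.
GEO_NATION_VALUE = r"HKCU\Control Panel\International\Geo\Nation"
HIDE_FILE_EXT_VALUE = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt"
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
RENAME_THRESHOLD = 10  # tunable: how many appended-extension renames before flagging


def parse_event(line):
    """Parse 'kind|arg1|arg2' into a 3-tuple; blank and '#' lines yield None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split("|", 2)
    while len(parts) < 3:
        parts.append("")
    return tuple(parts)


def appended_extension(src, dst):
    """Return the extension a rename appended (e.g. 'locked'), or None.
    Only src -> src + '.<ext>' counts; moves and in-place re-extensions do not."""
    if not dst.startswith(src + "."):
        return None
    ext = dst[len(src) + 1:]
    if not ext or any(c in ext for c in "\\/."):
        return None
    return ext.lower()


def analyze(lines):
    """Apply the report's behavioural signatures to a sequence of event lines."""
    added = Counter()   # appended extension -> number of files
    run_values = []     # (value name, command) written under the Run key
    reads_geo = False
    hides_ext = False
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        kind, a, b = ev
        if kind == "rename":
            ext = appended_extension(a, b)
            if ext:
                added[ext] += 1
        elif kind == "regread" and a.lower() == GEO_NATION_VALUE.lower():
            reads_geo = True
        elif kind == "regwrite":
            if a.lower() == HIDE_FILE_EXT_VALUE.lower() and b.strip() == "1":
                hides_ext = True
            elif a.lower().startswith(RUN_KEY.lower() + "\\"):
                run_values.append((a[len(RUN_KEY) + 1:], b))
    findings = {}
    total = sum(added.values())
    if total >= RENAME_THRESHOLD:
        findings["Renames multiple files with added filename extension"] = {
            "count": total, "extensions": dict(added)}
    if reads_geo:
        findings["Checks computer location settings"] = True
    if hides_ext:
        findings["Modifies visibility of file extensions in Explorer"] = True
    if run_values:
        findings["Adds Run key to start application"] = run_values
    return findings


def looks_like_ransomware(findings):
    """Mass renames that all append one extension are the file-locker pattern;
    many different appended extensions are more typical of a backup tool."""
    f = findings.get("Renames multiple files with added filename extension")
    if not f:
        return False
    return max(f["extensions"].values()) / f["count"] >= 0.9


def constructed_sample():
    """Constructed sandbox-style events (not from the report): 57 documents renamed
    with one appended extension, plus the registry activity the signatures describe."""
    lines = [
        "regread|" + GEO_NATION_VALUE + "|",
        "regwrite|" + HIDE_FILE_EXT_VALUE + "|1",
        "regwrite|" + RUN_KEY + r"\Updater|C:\Users\Admin\AppData\Roaming\updater.exe",
        # a plain move and an in-place extension change: neither is an appended extension
        r"rename|C:\Users\Admin\Documents\old.txt|C:\Users\Admin\Desktop\old.txt",
        r"rename|C:\Users\Admin\Documents\notes.txt|C:\Users\Admin\Documents\notes.md",
    ]
    for i in range(57):
        src = r"C:\Users\Admin\Documents\file%02d.docx" % i
        lines.append("rename|%s|%s.locked" % (src, src))
    return lines


if __name__ == "__main__":
    result = analyze(constructed_sample())
    for name, detail in result.items():
        print(name, detail)
    print("ransomware pattern:", looks_like_ransomware(result))
```

The rename heuristic deliberately ignores moves and extension swaps, so a user dragging files between folders does not count; the threshold and the 90% single-extension rule are the knobs to tune against a clean baseline before using this on real sandbox output.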
MITRE ATT&CK Matrix (ATT&CK v13)

Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)