General
- Target: fa4f1476c43c56ef9f2bee90039f7239bc0de6a89c7e51f621f7da6319eaf45d
- Size: 313KB
- Sample: 240523-fqp9bsef67
- MD5: 2e284828d3a46369ac9927f234cb016f
- SHA1: 3f2ea748a17df9c0b41d978c59714ea85de4ae19
- SHA256: fa4f1476c43c56ef9f2bee90039f7239bc0de6a89c7e51f621f7da6319eaf45d
- SHA512: 34a8ad46c8167372d2631be894c3176b7fa6b6fd447126ea7f577b56f66ce35604ab74dcbe70f3231957171ce6c40f838873b5cdf41396d71c3311a45edbcf46
- SSDEEP: 6144:7J/s3vzMrJ2krWrlvct8TM3HHgJI2LwquIGgvfcT:ds7A0vct+8H12LwH+X8
Static task: static1
Behavioral task: behavioral1
- Sample: fa4f1476c43c56ef9f2bee90039f7239bc0de6a89c7e51f621f7da6319eaf45d.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: fa4f1476c43c56ef9f2bee90039f7239bc0de6a89c7e51f621f7da6319eaf45d.exe
- Resource: win10v2004-20240426-en
Malware Config
Targets
- Target: fa4f1476c43c56ef9f2bee90039f7239bc0de6a89c7e51f621f7da6319eaf45d (size and hashes identical to the General section above)
Score: 10/10
Signatures:
- Modifies visibility of file extensions in Explorer
- Renames multiple (63) files with added filename extension. This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings. Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation:
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)