General
Target: fe94932e83229ec56fd1556c02394348ff1bf64c43ea2e7fc6444b9a3c5872df
Size: 315KB
Sample: 240523-fwzpyseh59
MD5: a013cd2ea985c6a0161dc55829a32014
SHA1: 75f91b267ab68f232b3b65526e02ea320f9f7547
SHA256: fe94932e83229ec56fd1556c02394348ff1bf64c43ea2e7fc6444b9a3c5872df
SHA512: 5bf9b5964b27de679c11535d89f2656306a41e41688e45b414e9f1f53e2cbea0ee7259552fcef9f7c6f0b324da2e9627cee6a389043335bf50c8c511f26b8ec4
SSDEEP: 6144:ygO/J3Es6lZbhv8+Wsve9E8nQNQMSt3t3Jr+HQqzDGBAJ3s:y13ETZbhv83iem0eQMyfr+HQqzD2AJ3s
Static task: static1
Behavioral task: behavioral1
Sample: fe94932e83229ec56fd1556c02394348ff1bf64c43ea2e7fc6444b9a3c5872df.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: fe94932e83229ec56fd1556c02394348ff1bf64c43ea2e7fc6444b9a3c5872df.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: fe94932e83229ec56fd1556c02394348ff1bf64c43ea2e7fc6444b9a3c5872df
Score: 10/10
- Modifies visibility of file extensions in Explorer
- Renames multiple (60) files with added filename extension
  This suggests ransomware activity: the sample encrypts files on the system and appends an extension to each renamed file.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence (the sample decides whether to run based on the victim's locale).
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
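As an added example (not code from the sandbox or from the report), the following Python re-derives the report's behavioral signatures from an event stream, so the logic behind each signature name is explicit. The registry paths for the Explorer extension setting, the Run keys and the locale lookup are assumptions about what the signature names refer to; the event records, file names and the .enc marker are constructed for the demo and are not observations from this sample.

```python
import re
from collections import Counter

# Assumed registry locations behind the report's signature names (not shown on the page).
HIDE_EXT_VALUE = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt"
RUN_KEYS = (
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
)
GEO_KEY = r"HKCU\Control Panel\International\Geo"

# Flag a mass rename at this many files with the same appended extension (the report saw 60).
RENAME_THRESHOLD = 20


def _appended_extension(src, dst):
    """Return the extension appended to src when dst == src + '.<ext>', else None.

    A rename that swaps the extension (a.tmp -> a.txt) is ordinary and not counted;
    ransomware keeps the original name and appends its own marker (a.docx -> a.docx.enc).
    """
    if dst.startswith(src + "."):
        ext = dst[len(src) + 1:]
        if re.fullmatch(r"[A-Za-z0-9_-]{1,16}", ext):
            return ext.lower()
    return None


def analyse(events):
    """Return {signature name: supporting detail} for the behaviours seen in events."""
    hits = {}
    dropped = set()           # files the sample wrote, so a later exec/load can be tied to them
    renamed_exts = Counter()  # appended extension -> number of files renamed that way
    for ev in events:
        kind = ev["type"]
        if kind == "reg_set":
            path = ev["path"]
            if path.lower() == HIDE_EXT_VALUE.lower() and ev.get("data") == 1:
                hits["Modifies visibility of file extensions in Explorer"] = path
            for run in RUN_KEYS:
                if path.lower().startswith(run.lower() + "\\"):
                    hits["Adds Run key to start application"] = f"{path} = {ev.get('data')}"
        elif kind == "reg_query":
            if ev["path"].lower().startswith(GEO_KEY.lower()):
                hits["Checks computer location settings"] = ev["path"]
        elif kind == "file_create":
            dropped.add(ev["path"].lower())
        elif kind == "process_create":
            if ev["image"].lower() in dropped:
                hits["Executes dropped EXE"] = ev["image"]
        elif kind == "image_load":
            if ev["image"].lower() in dropped:
                hits["Loads dropped DLL"] = ev["image"]
        elif kind == "file_rename":
            ext = _appended_extension(ev["src"], ev["dst"])
            if ext:
                renamed_exts[ext] += 1
    for ext, n in renamed_exts.items():
        if n >= RENAME_THRESHOLD:
            hits["Renames multiple files with added filename extension"] = f"{n} files -> .{ext}"
    return hits


def sample_events():
    """Constructed event stream for the demo; paths, names and the .enc marker are made up."""
    exe = r"C:\Users\u\AppData\Roaming\updater.exe"
    dll = r"C:\Users\u\AppData\Roaming\helper.dll"
    ev = [
        {"type": "reg_query", "path": GEO_KEY + r"\Nation"},
        {"type": "reg_set", "path": HIDE_EXT_VALUE, "data": 1},
        {"type": "file_create", "path": exe},
        {"type": "file_create", "path": dll},
        {"type": "process_create", "image": exe},
        {"type": "image_load", "image": dll},
        {"type": "reg_set", "path": RUN_KEYS[0] + r"\updater", "data": exe},
        # an ordinary extension swap, which must not count towards the mass-rename signature
        {"type": "file_rename", "src": r"C:\Users\u\build\a.tmp", "dst": r"C:\Users\u\build\a.txt"},
    ]
    for i in range(60):
        src = rf"C:\Users\u\Documents\report{i}.docx"
        ev.append({"type": "file_rename", "src": src, "dst": src + ".enc"})
    return ev


if __name__ == "__main__":
    for name, detail in analyse(sample_events()).items():
        print(f"{name}: {detail}")
```

Two design points carry over to real telemetry: the mass-rename check keys on the original name being preserved with a marker appended, which is what separates encryption from routine extension swaps, and "dropped" execution is only claimed when the executed or loaded image was first seen being written by the sample, so system binaries do not trip it. The threshold is a tunable; the report's count of 60 sits well above it.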
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)