General

  • Target

    2024-05-23_6de4046f30c513f2907cfb8bcecd2eb5_cryptowall

  • Size

    129KB

  • Sample

    240523-lw3dqsce3z

  • MD5

    6de4046f30c513f2907cfb8bcecd2eb5

  • SHA1

    b382c47dc850dbb314224d29b83c454f42f4fbef

  • SHA256

    1cae96dace01ef11ea003250d3cd9f9519821eff90e781fb6d179051ae7060fd

  • SHA512

    6b13d1c553cc7d7555ae618c25d752a9315017e79de90cf9abdfc845f7c3dcbdd9d7d2a709da13e9c9fb2dbbd6483870dcbbff42f58e3d3f7545bc77223698d3

  • SSDEEP

    3072:nhRpa+zd/EtzAAZ1rMAKlyDjH/B6SVqCgQfBUnPy8L66iiSB:nhbrdEt8ADrZDjH/B6SVqCgQfBUPy8Lu

Malware Config

Targets

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Drops startup file

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    Windows Management Instrumentation (T1047): 1

  • Persistence

    Boot or Logon Autostart Execution (T1547): 1

    Registry Run Keys / Startup Folder (T1547.001): 1

  • Privilege Escalation

    Boot or Logon Autostart Execution (T1547): 1

    Registry Run Keys / Startup Folder (T1547.001): 1

  • Defense Evasion

    Indicator Removal (T1070): 2

    File Deletion (T1070.004): 2

    Modify Registry (T1112): 1

  • Impact

    Inhibit System Recovery (T1490): 2

Tasks