General
Target: 363c7d80912d56db2f9fa37adace43beae80707cb31536a5d8437b0d6c711efd
Size: 203KB
Sample: 240524-y9hmpsad36
MD5: 534561d3d3a5b8ec6feb851d5b24a0d1
SHA1: 95289845bdd011e69973548d05186c2312ee1f5a
SHA256: 363c7d80912d56db2f9fa37adace43beae80707cb31536a5d8437b0d6c711efd
SHA512: 4ae3d1fad309e1414506bc2b72b632742941c7470b80f7c65b30b4ee1846c71c7ac917cc739b382276ab587d16ff8932bd226c6004eb46086e36f60f536e2821
SSDEEP: 3072:oQQXfc3edu86ewhiv32ggLXgk0DbLHmE2qv06xTsUnEFiJEGa773:oV2edRGgg7dqvlJEGG
Static task: static1
Behavioral task: behavioral1
Sample: 363c7d80912d56db2f9fa37adace43beae80707cb31536a5d8437b0d6c711efd.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 363c7d80912d56db2f9fa37adace43beae80707cb31536a5d8437b0d6c711efd.exe
Resource: win10v2004-20240426-en
Malware Config
Targets
Target: 363c7d80912d56db2f9fa37adace43beae80707cb31536a5d8437b0d6c711efd
Score: 10/10
- Modifies visibility of file extensions in Explorer
- Renames multiple (78) files with added filename extension
  This suggests ransomware activity: encrypting all the files on the system.
- Blocklisted process makes network request
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)