6f3f486d7a8409fc174198818c039152c6268bd9fdf210ee6be1c91bf832b7e9 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

EpicInstal....1.msi

windows11-21h2-x64

9

Sharing

General

Target

EpicInstaller-15.17.1.msi
Size

176.5MB
Sample

240525-2jp6msdf25
MD5

7a2cf04ac0c504a8ea5aed805dde484d
SHA1

0536d7a178d1a42cea1476ea6b44bc53ed26bc63
SHA256

6f3f486d7a8409fc174198818c039152c6268bd9fdf210ee6be1c91bf832b7e9
SHA512

42aeed1d015ab279df3065e04adff8001672a13180f4d73121ace3bc8989783f12c7a5d0b50c684c74fd138fc1b4f451439acd7b6342d4f60c7d3a18034e0988
SSDEEP

3145728:oyKHxXZR5bsPL+buxE4ynkX+kKbtt3V8mIeDLhZ8muXNNE7byK88OmTZbOW/rXi:IP4PAwUnkuk8BNbLIxg7bUQ

Score

9^/10

discovery persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

EpicInstaller-15.17.1.msi

Resource

win11-20240508-en

discovery persistence ransomware

windows11-21h2-x64

28 signatures

1800 seconds

Malware Config

Targets

- Target
  
  EpicInstaller-15.17.1.msi
- Size
  
  176.5MB
- MD5
  
  7a2cf04ac0c504a8ea5aed805dde484d
- SHA1
  
  0536d7a178d1a42cea1476ea6b44bc53ed26bc63
- SHA256
  
  6f3f486d7a8409fc174198818c039152c6268bd9fdf210ee6be1c91bf832b7e9
- SHA512
  
  42aeed1d015ab279df3065e04adff8001672a13180f4d73121ace3bc8989783f12c7a5d0b50c684c74fd138fc1b4f451439acd7b6342d4f60c7d3a18034e0988
- SSDEEP
  
  3145728:oyKHxXZR5bsPL+buxE4ynkX+kKbtt3V8mIeDLhZ8muXNNE7byK88OmTZbOW/rXi:IP4PAwUnkuk8BNbLIxg7bUQ
Score

9^/10

discovery persistence ransomware
- Renames multiple (125) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Blocklisted process makes network request
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoverypersistenceransomware

© 2018-2024

Terms | Privacy