77e1d6a7eeb780aabaddbe2329b24885092e67ab96281b072aad14b433cecf57 | Triage

Resubmissions

29/05/2024, 16:57

240529-vghkfsce54 6

29/05/2024, 16:31

240529-t1kngscc68 8

Sharing

Copy URL Twitter E-mail

General

Target

WinFormsApp1.exe
Size

146.5MB
Sample

240529-t1kngscc68
MD5

64bab266c7a9d1f65263d77d2254b959
SHA1

39c25299a409f90a00308dcbb706fde77b228940
SHA256

77e1d6a7eeb780aabaddbe2329b24885092e67ab96281b072aad14b433cecf57
SHA512

ea9a036218c8836a8f8a3a92c72a2d146a71a125941cc469e5e6cd195bb9a60e3b0d21b81e7a07159a76913194c42429ec4a492b25886b917099e4e4be3a90e8
SSDEEP

786432:+dyRHF/ppkXOzGbY55kQshmSBaNf6rhoiu6wyiz23ku4Z8Gn:+dyxlppkXGGE55XArKiu/yOlhn

Score

8^/10

persistence ransomware

Malware Config

Targets

- Target
  
  WinFormsApp1.exe
- Size
  
  146.5MB
- MD5
  
  64bab266c7a9d1f65263d77d2254b959
- SHA1
  
  39c25299a409f90a00308dcbb706fde77b228940
- SHA256
  
  77e1d6a7eeb780aabaddbe2329b24885092e67ab96281b072aad14b433cecf57
- SHA512
  
  ea9a036218c8836a8f8a3a92c72a2d146a71a125941cc469e5e6cd195bb9a60e3b0d21b81e7a07159a76913194c42429ec4a492b25886b917099e4e4be3a90e8
- SSDEEP
  
  786432:+dyRHF/ppkXOzGbY55kQshmSBaNf6rhoiu6wyiz23ku4Z8Gn:+dyxlppkXGGE55XArKiu/yOlhn
Score

8^/10

persistence ransomware
- Modifies Installed Components in the registry
  persistence
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

persistenceransomware