Overview

overview

9

Static

static

3

Temp Spoofer.exe

windows10-1703-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    Temp Spoofer.exe

  • Size

    669KB

  • Sample

    240615-xll5jsvgnr

  • MD5

    3cfca1029fe1c044dd240e81471967b9

  • SHA1

    8668de133c120645eae9de73fdeb89cb82a34c53

  • SHA256

    d64fee6bb51c86b3b04217a090f59d16a8d60ae02385c8d6e0c9f361e7945081

  • SHA512

    8bd23c1f23b6e7e21a173460167815b4d1b141bf6e847dfd0032773ccc15efa879d2e14374d90f97f0360fb0a42ba908f013890deb6c640d3cb8317bbb11d3d2

  • SSDEEP

    12288:CmB33xru4YHsYukZNyixyaUyL4SDUssmnL:/J3lu5kkZNbxbUyrDUqnL

Score
9/10
defense_evasionexecutionimpactransomware

Malware Config

Targets

    • Target

      Temp Spoofer.exe

    • Size

      669KB

    • MD5

      3cfca1029fe1c044dd240e81471967b9

    • SHA1

      8668de133c120645eae9de73fdeb89cb82a34c53

    • SHA256

      d64fee6bb51c86b3b04217a090f59d16a8d60ae02385c8d6e0c9f361e7945081

    • SHA512

      8bd23c1f23b6e7e21a173460167815b4d1b141bf6e847dfd0032773ccc15efa879d2e14374d90f97f0360fb0a42ba908f013890deb6c640d3cb8317bbb11d3d2

    • SSDEEP

      12288:CmB33xru4YHsYukZNyixyaUyL4SDUssmnL:/J3lu5kkZNbxbUyrDUqnL

    Score
    9/10
    defense_evasionexecutionimpactransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomwaredefense_evasionimpactexecution

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks