995df061cec051f1964775932be424ee3da5a4ee91e2b9a17f7a625894088dbf | Triage

Sharing

General

Target

Worm Locker2.0(ransomware).zip
Size

204KB
Sample

240620-scnvkaxfqp
MD5

883752fed229f8a2e871296d217fb6c5
SHA1

aa730ba4b3191cd935ea8d7d1fda9efb3d89c44f
SHA256

995df061cec051f1964775932be424ee3da5a4ee91e2b9a17f7a625894088dbf
SHA512

a8baeaebd568d363f95202fc9e5660b7b367284413f6383b6ed469203a06f2601d0573bda58e529c1d9a23e0ae154306ee9be8ce52e5d65fe5662e67b7a3a549
SSDEEP

6144:Y5wJt7nXKkAtPcW48I28sPBo85B8CMTc4:IwJt7gdOs8sJo8f8V

Score

10^/10

discovery evasion exploit persistence

Malware Config

Targets

- Target
  
  Automatic_converter_rff_to_mp4.exe
- Size
  
  322KB
- MD5
  
  1b4f89bdb12a349de92ca7f1261e67a0
- SHA1
  
  f368916850332757d7ed2f0ee335c16b9c9fc95b
- SHA256
  
  d4c83205cf6f3098ab6a757312525f4d14a57a819306eeea5c0d022b00b38cf3
- SHA512
  
  f2f7985fbf462bc35e099b58308ddef91320d3d81040f77e7c1c0a3cfc3a4da50c849efd0f063c839848a80927398cc24bc8368d5b0b92014abe2ea7bdc2ddeb
- SSDEEP
  
  6144:iibVlHNEHBpDDf2vfQ21NV0zUiCqWjH6YPON9q:igtCpPfGfZSWPf
Score

10^/10

discovery evasion exploit persistence
- Modifies WinLogon for persistence
  persistence
- Disables Task Manager via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Executes dropped EXE
- Modifies file permissions
  discovery
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

File and Directory Permissions Modification

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryevasionexploitpersistence