Overview

overview

9

Static

static

3

Frozen_cracked.exe

windows10-1703-x64

Frozen_cracked.exe

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    Frozen_cracked.exe

  • Size

    784KB

  • Sample

    240629-ranw4syflg

  • MD5

    26348de5340c8ec99091699776a2027a

  • SHA1

    3d004406d2467af78f90aaaf3312839e83a43883

  • SHA256

    f25d3ed9eab66e7c08fd2c2778bab2319631bbcff3bb08415604e0c27b002b24

  • SHA512

    08ca1b4a82c9ceeb604533d3622a6864083288bc86046ba7e2d20639d5fcf2605eefe06a3adb9952415ecab8f42f647b76ae540d2d4e235b7ac0967de851bb78

  • SSDEEP

    12288:mijyh17Ln+wwu2LjKDYsXCuQN/MGHaF9Eq2U3u:+h1Xnf4jcYsSpMGHaEq2uu

Score
9/10
defense_evasionevasionexecutionimpactpersistenceprivilege_escalationransomware

Malware Config

Targets

    • Target

      Frozen_cracked.exe

    • Size

      784KB

    • MD5

      26348de5340c8ec99091699776a2027a

    • SHA1

      3d004406d2467af78f90aaaf3312839e83a43883

    • SHA256

      f25d3ed9eab66e7c08fd2c2778bab2319631bbcff3bb08415604e0c27b002b24

    • SHA512

      08ca1b4a82c9ceeb604533d3622a6864083288bc86046ba7e2d20639d5fcf2605eefe06a3adb9952415ecab8f42f647b76ae540d2d4e235b7ac0967de851bb78

    • SSDEEP

      12288:mijyh17Ln+wwu2LjKDYsXCuQN/MGHaF9Eq2U3u:+h1Xnf4jcYsSpMGHaEq2uu

    Score
    9/10
    defense_evasionevasionexecutionimpactpersistenceprivilege_escalationransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomwaredefense_evasionimpactexecution

    • Modifies Windows Firewall

      evasion

    • Stops running service(s)

      evasionexecution

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

System Services

1
T1569

Service Execution

1
T1569.002

Windows Management Instrumentation

1
T1047

Persistence

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Direct Volume Access

1
T1006

Impair Defenses

2
T1562

Disable or Modify System Firewall

1
T1562.004

Indicator Removal

2
T1070

File Deletion

2
T1070.004

Modify Registry

1
T1112

Credential Access

Discovery

Peripheral Device Discovery

2
T1120

Query Registry

4
T1012

System Information Discovery

5
T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

2
T1490

Service Stop

1
T1489

Tasks