General
Target: 560eb48d1b2104f4dc3b1607bf42b35e35dfe81272675040df305e0dc85ce33e
Size: 39KB
Sample: 240702-3jkftsvhlb
MD5: 9f0c7902588bdf16a22a4b7273963f12
SHA1: 2ff0ad5bdf1f92f1c10dc921eabe53425f35af8c
SHA256: 560eb48d1b2104f4dc3b1607bf42b35e35dfe81272675040df305e0dc85ce33e
SHA512: aae400a6b48c7f638013e59591f8fab35f6ae3db68f00677e385ddc4905d440d8fb5fe12970630ce30ba41020770b7bd4bd96780fe37a3de27d42e3197eccce1
SSDEEP: 768:sAbuWFlaK9QKc0yjiGoZRscl59fKy/fSaHb6lUy9jqf3Qqp:gWpQViWazj/66b6lUyM1
Static task: static1
Behavioral task: behavioral1
Sample: 2a8353551d099c78ac100b44718a691142f8cc7879b47e842ee8491426e15c08.exe
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: 2a8353551d099c78ac100b44718a691142f8cc7879b47e842ee8491426e15c08.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: 2a8353551d099c78ac100b44718a691142f8cc7879b47e842ee8491426e15c08.exe
Size: 55KB
MD5: ec656f2e9d53e5c30ae03301cc4348ea
SHA1: abe66e0123a837890ff0f64039e5cc9b91549866
SHA256: 2a8353551d099c78ac100b44718a691142f8cc7879b47e842ee8491426e15c08
SHA512: dc3a0e6d74954f2662cf7196e4b63cffbba4e6d41801767ef91c91eab853af3e3d1f6a529b0415bffc0269adb4030e57870865838237ac6cc54fb866379df554
SSDEEP: 1536:YNeRBl5PT/rx1mzwRMSTdLpJZtqoQOcO:YQRrmzwR5JAOF
- Deletes shadow copies
  Ransomware often deletes Volume Shadow Copies and other backups to inhibit system recovery.
- Modifies boot configuration data using bcdedit
- Renames multiple (313) files with added filename extension
  This suggests ransomware activity: files across the system are being encrypted and each is renamed with an appended extension.
- Modifies Windows Firewall
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Adds Run key to start application
- Drops desktop.ini file(s)
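The signature list above names behaviors without showing how an analyst would recognize them in telemetry. The script below is an added example, not code from the sandbox report or from the sample: it maps process command lines, registry operations and file renames (all constructed here, in the shape a sandbox or EDR would record them) onto the signature names used in this report. The vssadmin, wmic, bcdedit and netsh command lines, the registry paths, the file paths and the ".enc" extension are assumptions for illustration; the report does not disclose which commands the sample ran or which extension it appended.

```python
"""Map sandbox-style events onto the behavior signatures listed above.

Added example: this is not code from the sandbox report or from the sample.
The event records, command lines, registry paths and the ".enc" extension
are constructed for illustration; the report does not disclose the exact
commands the sample ran or the extension it appended.
"""
import re
from collections import Counter, defaultdict

# Registry keys tied to two of the signatures: Run-key persistence and the
# country-code lookup (geofence check) under Control Panel\International\Geo.
RUN_KEY = re.compile(
    r"^(HKLM|HKCU|HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)"
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run$", re.I)
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo$", re.I)

# Signature name (as the report phrases it) -> regex over a process command line.
# These are the usual ways ransomware performs each action; the report does not
# say which of them this sample used.
CMDLINE_RULES = {
    "Deletes shadow copies": re.compile(
        r"\bvssadmin(\.exe)?\s+delete\s+shadows\b|\bwmic(\.exe)?\s+shadowcopy\s+delete\b",
        re.I),
    "Modifies boot configuration data using bcdedit": re.compile(
        r"\bbcdedit(\.exe)?\s+/set\b", re.I),
    "Modifies Windows Firewall": re.compile(
        r"\bnetsh(\.exe)?\s+(advfirewall|firewall)\b", re.I),
}


def classify(events, rename_threshold=50):
    """Return {signature: [evidence, ...]} for a list of event dicts.

    Event shapes (constructed for this example):
      {"type": "process", "cmdline": str}
      {"type": "registry", "op": "read"|"write", "key": str, "value": str, "data": str}
      {"type": "rename", "old": str, "new": str}
    """
    hits = defaultdict(list)
    appended = Counter()  # extension appended by a rename -> number of files
    for ev in events:
        kind = ev["type"]
        if kind == "process":
            for sig, rx in CMDLINE_RULES.items():
                if rx.search(ev["cmdline"]):
                    hits[sig].append(ev["cmdline"])
        elif kind == "registry":
            if ev["op"] == "write" and RUN_KEY.search(ev["key"]):
                hits["Adds Run key to start application"].append(
                    ev["key"] + "\\" + ev["value"] + " = " + ev["data"])
            elif ev["op"] == "read" and GEO_KEY.search(ev["key"]):
                hits["Checks computer location settings"].append(
                    ev["key"] + "\\" + ev["value"])
        elif kind == "rename":
            old, new = ev["old"], ev["new"]
            # "Added filename extension": the new name is the old name plus a suffix.
            if len(new) > len(old) and new.lower().startswith(old.lower()):
                appended[new[len(old):].lower()] += 1
    # A single such rename is normal; the same suffix on many files is the ransomware pattern.
    for ext, n in sorted(appended.items()):
        if n >= rename_threshold:
            hits[f"Renames multiple ({n}) files with added filename extension"].append(ext)
    return dict(hits)


# Constructed sample events, including two benign ones that must not match.
SAMPLE_EVENTS = [
    {"type": "process", "cmdline": r"C:\Windows\System32\vssadmin.exe delete shadows /all /quiet"},
    {"type": "process", "cmdline": r"wmic shadowcopy delete"},
    {"type": "process", "cmdline": r"bcdedit /set {default} recoveryenabled no"},
    {"type": "process", "cmdline": r"bcdedit /set {default} bootstatuspolicy ignoreallfailures"},
    {"type": "process", "cmdline": r"netsh advfirewall set allprofiles state off"},
    {"type": "process", "cmdline": r"C:\Windows\System32\notepad.exe C:\Users\victim\readme.txt"},
    {"type": "registry", "op": "read", "key": r"HKCU\Control Panel\International\Geo",
     "value": "Nation", "data": ""},
    {"type": "registry", "op": "write", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "svc", "data": r"C:\Users\victim\AppData\Roaming\svc.exe"},
    {"type": "rename", "old": r"C:\Users\victim\build\a.tmp", "new": r"C:\Users\victim\build\a.txt"},
] + [
    # 313 renames, mirroring the count in the report; the ".enc" suffix is made up.
    {"type": "rename", "old": rf"C:\Users\victim\Documents\doc{i}.docx",
     "new": rf"C:\Users\victim\Documents\doc{i}.docx.enc"}
    for i in range(313)
]

if __name__ == "__main__":
    for sig, evidence in classify(SAMPLE_EVENTS).items():
        print(f"{sig}: {len(evidence)} event(s), e.g. {evidence[0]}")
```

Run it as a script to print the matched signatures. The rename threshold of 50 is a tuning choice, and the suffix rule only covers the "old name plus extension" pattern the report describes; a family that replaces the whole filename would need a different rename heuristic, and Run-key writes made through the registry API rather than reg.exe only show up here because registry events are modelled separately from process events.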
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process (1): Windows Service (1)
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  Event Triggered Execution (1): Netsh Helper DLL (1)
Privilege Escalation
  Create or Modify System Process (1): Windows Service (1)
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  Event Triggered Execution (1): Netsh Helper DLL (1)
Defense Evasion
  Indicator Removal (3): File Deletion (3)
  Impair Defenses (1): Disable or Modify System Firewall (1)
  Modify Registry (2)
  Direct Volume Access (1)