General
-
Target
ec656f2e9d53e5c30ae03301cc4348ea.bin
-
Size
39KB
-
Sample
240702-ce3hqsscna
-
MD5
9f0c7902588bdf16a22a4b7273963f12
-
SHA1
2ff0ad5bdf1f92f1c10dc921eabe53425f35af8c
-
SHA256
560eb48d1b2104f4dc3b1607bf42b35e35dfe81272675040df305e0dc85ce33e
-
SHA512
aae400a6b48c7f638013e59591f8fab35f6ae3db68f00677e385ddc4905d440d8fb5fe12970630ce30ba41020770b7bd4bd96780fe37a3de27d42e3197eccce1
-
SSDEEP
768:sAbuWFlaK9QKc0yjiGoZRscl59fKy/fSaHb6lUy9jqf3Qqp:gWpQViWazj/66b6lUyM1
Static task
static1
Behavioral task
behavioral1
Sample
2a8353551d099c78ac100b44718a691142f8cc7879b47e842ee8491426e15c08.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
2a8353551d099c78ac100b44718a691142f8cc7879b47e842ee8491426e15c08.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
2a8353551d099c78ac100b44718a691142f8cc7879b47e842ee8491426e15c08.exe
-
Size
55KB
-
MD5
ec656f2e9d53e5c30ae03301cc4348ea
-
SHA1
abe66e0123a837890ff0f64039e5cc9b91549866
-
SHA256
2a8353551d099c78ac100b44718a691142f8cc7879b47e842ee8491426e15c08
-
SHA512
dc3a0e6d74954f2662cf7196e4b63cffbba4e6d41801767ef91c91eab853af3e3d1f6a529b0415bffc0269adb4030e57870865838237ac6cc54fb866379df554
-
SSDEEP
1536:YNeRBl5PT/rx1mzwRMSTdLpJZtqoQOcO:YQRrmzwR5JAOF
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Renames multiple (323) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Direct Volume Access
1Impair Defenses
1Disable or Modify System Firewall
1Indicator Removal
3File Deletion
3Modify Registry
2