d8210a02192328d93c568b23175582f973acc29e73fadbcf8a025aebdf93ef24

General

Target

sample
Size

15KB
Sample

240705-jaqfyavbjq
MD5

e49eb20ca309d8c2db69a208a6411e74
SHA1

36b9d7cf9671fd7306b5e2c7d0c2b8f012ba235c
SHA256

d8210a02192328d93c568b23175582f973acc29e73fadbcf8a025aebdf93ef24
SHA512

58c83bc7864cd5c8e26e47f9b10bf5d4989429fbdf8fa3c9536fb10aff9fee0ce0f15ac368b7aabd7b6d0c99339afc34050c7dde678522af0b824ec1ade7d737
SSDEEP

192:PNxyShvK9moqTJkNrv23dy6lqGW96tJ8UUqpKuw2NHLv22yxN:yShi9boJkNzGy6lA6LekvLLOHN

Score

9^/10

Malware Config

Targets

- Target
  
  sample
- Size
  
  15KB
- MD5
  
  e49eb20ca309d8c2db69a208a6411e74
- SHA1
  
  36b9d7cf9671fd7306b5e2c7d0c2b8f012ba235c
- SHA256
  
  d8210a02192328d93c568b23175582f973acc29e73fadbcf8a025aebdf93ef24
- SHA512
  
  58c83bc7864cd5c8e26e47f9b10bf5d4989429fbdf8fa3c9536fb10aff9fee0ce0f15ac368b7aabd7b6d0c99339afc34050c7dde678522af0b824ec1ade7d737
- SSDEEP
  
  192:PNxyShvK9moqTJkNrv23dy6lqGW96tJ8UUqpKuw2NHLv22yxN:yShi9boJkNzGy6lA6LekvLLOHN
Score

9^/10

discovery persistence privilege_escalation ransomware
- Renames multiple (125) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1