General
-
Target
yfga_game.exe
-
Size
46.3MB
-
Sample
240715-mpdmgavdqg
-
MD5
1947ef762e78e2163483bd34b2d50b23
-
SHA1
81473c8ad25a5146cb8a023dfcf6c2057ee81aba
-
SHA256
67243c639e406bf2b643efc243a8406dc82656a6bc134643c4a376cd292852cf
-
SHA512
6f8c663db1ab0f0843b16425d9ab7b112322387afbf36a58cf5dfea02551a088403671e8d434558d70d530b3ace05406cb6d8990a7a6bb505747c04c22bd6ac7
-
SSDEEP
786432:x7Ud58tChs1g2uzRb7KPB8NUc3sXEPeEwkHYvgctIKpJZXnfsrQl92Z3tHDUOsj1:ht96h76B0HkGUvgcaKpDPBl92HHDdsGy
Static task
static1
Behavioral task
behavioral1
Sample
yfga_game.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
yfga_game.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
C:\Users\Admin\Desktop\yfga_game_6c5c6f08-fe22-474c-b3f7-9c8b5b9bed0e\@[email protected]
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Extracted
C:\Users\Admin\Desktop\yfga_game_2cda035c-b0fb-4f8c-a038-63453a96a2b3\@[email protected]
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
-
-
Target
yfga_game.exe
-
Size
46.3MB
-
MD5
1947ef762e78e2163483bd34b2d50b23
-
SHA1
81473c8ad25a5146cb8a023dfcf6c2057ee81aba
-
SHA256
67243c639e406bf2b643efc243a8406dc82656a6bc134643c4a376cd292852cf
-
SHA512
6f8c663db1ab0f0843b16425d9ab7b112322387afbf36a58cf5dfea02551a088403671e8d434558d70d530b3ace05406cb6d8990a7a6bb505747c04c22bd6ac7
-
SSDEEP
786432:x7Ud58tChs1g2uzRb7KPB8NUc3sXEPeEwkHYvgctIKpJZXnfsrQl92Z3tHDUOsj1:ht96h76B0HkGUvgcaKpDPBl92HHDdsGy
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Disables Task Manager via registry modification
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Direct Volume Access
1File and Directory Permissions Modification
2Windows File and Directory Permissions Modification
1Hide Artifacts
1Hidden Files and Directories
1Indicator Removal
2File Deletion
2Modify Registry
6Subvert Trust Controls
1Install Root Certificate
1