23a2abe7ada87655567f1439ce564841ba76e3ea3945b1de2439c04ed7ea262b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

noexit.exe
Size

2.0MB
Sample

240801-2ykvgavhpd
MD5

4b91c40695205741cdf0d2c5b91e0de6
SHA1

1686a884214fbd297aa0db81e6c033828378250d
SHA256

23a2abe7ada87655567f1439ce564841ba76e3ea3945b1de2439c04ed7ea262b
SHA512

2c6bbe73a2814950b5d2d01b4ad067b2d78477dac5f1dd52e3fdb5aae103f689296c5db9900c44d81b524c2aba326de0b0f6aa7a440a7c9bbf5e1b693a034217
SSDEEP

24576:+qM8YB1NEh4EvHN66VUC4dMhGOJsyvzb2uwN:D9Bh4EvHDUC5PFv

Score

8^/10

discovery evasion exploit ransomware

Malware Config

Targets

- Target
  
  noexit.exe
- Size
  
  2.0MB
- MD5
  
  4b91c40695205741cdf0d2c5b91e0de6
- SHA1
  
  1686a884214fbd297aa0db81e6c033828378250d
- SHA256
  
  23a2abe7ada87655567f1439ce564841ba76e3ea3945b1de2439c04ed7ea262b
- SHA512
  
  2c6bbe73a2814950b5d2d01b4ad067b2d78477dac5f1dd52e3fdb5aae103f689296c5db9900c44d81b524c2aba326de0b0f6aa7a440a7c9bbf5e1b693a034217
- SSDEEP
  
  24576:+qM8YB1NEh4EvHN66VUC4dMhGOJsyvzb2uwN:D9Bh4EvHDUC5PFv
Score

8^/10

discovery evasion exploit ransomware
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

discoveryevasionexploitransomware

behavioral2

discoveryevasionexploitransomware