General
-
Target
Request for Quotation (RFQ_196).zip.zip
-
Size
3.3MB
-
Sample
240806-mcq22a1ajg
-
MD5
ceda593ba5da6654c01466af81567ddf
-
SHA1
13391cb83544706f19c26957a5ed094792e17f85
-
SHA256
9a620208fbdef346e1fcde87b629959c9ba4d4241525c1967a50913dd5e57757
-
SHA512
8f09827217c64bf99d93ace4becf5421ee37f3ac4c286f39d0dd430c68782f821d8ea6852c8c7c9dc63ad9d6eb336ffb53039905efdf831472d6078f75542344
-
SSDEEP
49152:8155g5yi3n4hJVwui1MuarSoVKAolVr2Yrzk8Gx+jbPmLJRX2S0GRK5RI0COG:8n6934hJVwkrBV/sVCkzk8cpL2HGGZG
Static task
static1
Behavioral task
behavioral1
Sample
Proforma Invoice and Bank swift-REG.PI-0086547654.exe
Resource
win10-20240404-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\@[email protected]
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
-
-
Target
Proforma Invoice and Bank swift-REG.PI-0086547654.exe
-
Size
3.4MB
-
MD5
84c82835a5d21bbcf75a61706d8ab549
-
SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467
-
SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
-
SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244
-
SSDEEP
98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3x:QqPe1Cxcxk3ZAEUadzR8yc4gB
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Direct Volume Access
1File and Directory Permissions Modification
2Windows File and Directory Permissions Modification
1Hide Artifacts
1Hidden Files and Directories
1Indicator Removal
2File Deletion
2Modify Registry
4