aa8ff4d4c4505f9245ae995be2fee8f6a78b1167126e613490e1c22549bdf142 | Triage

Sharing

General

Target

capcut_capcutpc_invitefission_1.2.4_installer (1).exe
Size

2.2MB
Sample

240810-hl1wdazcmj
MD5

cafd508f953e2d28acf9b49e80bf2fc6
SHA1

0c739749978ef0b6077261e511ab10e9211f2c71
SHA256

aa8ff4d4c4505f9245ae995be2fee8f6a78b1167126e613490e1c22549bdf142
SHA512

3ff026e849378691da40d406ce806c438c8a4f015217731bd132bfccdb58c4832306a3f92aa752af6d3ca71e2425f161155d767e56d23c15f0634424080caab3
SSDEEP

49152:7VhVn6EBMgmH1Cz0DqfMus8/V3sYPyD9+gqulxheyY6:7XVn6OMgmH1CS7ec7fxY6

Score

9^/10

discovery ransomware

Malware Config

Targets

- Target
  
  capcut_capcutpc_invitefission_1.2.4_installer (1).exe
- Size
  
  2.2MB
- MD5
  
  cafd508f953e2d28acf9b49e80bf2fc6
- SHA1
  
  0c739749978ef0b6077261e511ab10e9211f2c71
- SHA256
  
  aa8ff4d4c4505f9245ae995be2fee8f6a78b1167126e613490e1c22549bdf142
- SHA512
  
  3ff026e849378691da40d406ce806c438c8a4f015217731bd132bfccdb58c4832306a3f92aa752af6d3ca71e2425f161155d767e56d23c15f0634424080caab3
- SSDEEP
  
  49152:7VhVn6EBMgmH1Cz0DqfMus8/V3sYPyD9+gqulxheyY6:7XVn6OMgmH1CS7ec7fxY6
Score

9^/10

discovery ransomware
- Renames multiple (510) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/BgWorker.dll
- Size
  
  2KB
- MD5
  
  33ec04738007e665059cf40bc0f0c22b
- SHA1
  
  4196759a922e333d9b17bda5369f14c33cd5e3bc
- SHA256
  
  50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be
- SHA512
  
  2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/deviceregister_shared.dll
- Size
  
  226KB
- MD5
  
  8baaaeacb97679fb495e1c4f902f0a68
- SHA1
  
  29185b00e4c56ff8cc22de64c1407809d60348f1
- SHA256
  
  7c2a74c4be8d524a121e78e763c05c7b5cb58b524119ac8897c493e717a1d42a
- SHA512
  
  49f864332165c0229f0588fa1fd56fdc04bb005be1b61a9367fac5f45c32783e2e633c8acb64c3a921d41d9b79ceb3315813aa409a8f725cc7193958bf4bb8e0
- SSDEEP
  
  6144:5Nj2oPjbpV4hliZ7xsFARHtw+WY0L1TBWoBvF:6KV4hliZ7KFAb+L1TIo
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/downloader_nsis_plugin.dll
- Size
  
  1.2MB
- MD5
  
  14930a06cbfb26d5ffffd354fa12d5f8
- SHA1
  
  1de289bab03eaad965e419d657c3531a3738c558
- SHA256
  
  3ef7a13886328dafba1c49ec096da122e63839ac6965bf4f3d4dcce3a35ccc6d
- SHA512
  
  385268602f050c060795312c9cb86e979030a21b8cecc20303b346bbc0800a468a84a291224592d9b0e43458e579660b8062f6b9cba3b2e79aab5015d1dcc67b
- SSDEEP
  
  24576:eDe+j+n40zyob+w+LsoZttOWR7vDzAOdYKT9s6rNnb3Khz:Eei+n7zy2ULsGjOWR7vDzhdYKThNnzKN
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/res.zip
- Size
  
  160KB
- MD5
  
  c9eb579f9346b36d228daec5d7078b97
- SHA1
  
  03ccc0da5e8d2f91497821045951889e019aaaf2
- SHA256
  
  cb4a1ea525ae60f66bbdc24819bd9fffda9a1040492a0d639326622190470e50
- SHA512
  
  4bf05141e032809edb531e132928e09922329e89d4ea895d2f94c1845277dea7c5bb025b1ed6c56bd727f1c387698a859bf5bf329a13f60e627f7837948d29bc
- SSDEEP
  
  3072:WlbNMh58abnJ6taLk0gLP5mAueGiXNMEQyKwt:bz/d6t+aLP5mA5G+N/Jtt
Score

1^/10
behavioral11 behavioral12
- Target
  
  app_warning_icon.png
- Size
  
  10KB
- MD5
  
  ff33518be442da6232709553157e2418
- SHA1
  
  a68eeced8fa5a2ab918e9d4c575ff09839624efb
- SHA256
  
  2c8cdbdfa2a99200718901ed35bb56ea90f8fed9934aecd640d9507b677f7025
- SHA512
  
  02858ae7e65c33c21952e65eef49d74c4c4398e7b9a04eb9c7b50ad0fa24d3025f377ffadfc2e9b9e07d112efd3468bdce4f71a146608287827a65f2e057f83e
- SSDEEP
  
  192:vDbpB1zqKLGqqeSaU18Ft/TCpZu2cphDjlVq4kw9oTrRpa1s:npB1ztG3D18FtLkDmhDxVahpss
Score

3^/10
behavioral13 behavioral14
- Target
  
  banner_bk.jpg
- Size
  
  83KB
- MD5
  
  245b96c88020b408e92a4f3ff77d9ac7
- SHA1
  
  eb04cd6411ac4fa24dd4248004e9521186206a9b
- SHA256
  
  c4b98d49afd4beab5b0f549cb9674f61e2156d273626f17e8d84129c127684f5
- SHA512
  
  fd2f09c8a02d43d8ce8ca53959804cd3265d426cad6a40d3fad6cd7423c952f62ccfb1e46832af3dc66070c008c7812caa3bb9d2702dd55ab77da785cab05c79
- SSDEEP
  
  1536:9uUUgVClmd0qp3Atu7wnmGrmMFcjYe9QK+uRNTFzTxBNeCBoygO:U8VCozwnmGrmvO+tpjeCfP
Score

3^/10
behavioral15 behavioral16
- Target
  
  btn_dark_1_disable.png
- Size
  
  495B
- MD5
  
  653d579d6668c1431cac857b7efe5034
- SHA1
  
  0a606960becc6b7b40f97b34bf4bcb46f679cd45
- SHA256
  
  1214f419b0f821daa6ee796b284662c25002f579d3045b50e82ab8a531925cf0
- SHA512
  
  487b869f9933991c026708e8b47ca34bc268d2f0680a52dab50d99b39d62d669409d999274b3c193b0076a4e03d86b7843efe3ced41fb8a9fdc986c75032917e
Score

3^/10
behavioral17 behavioral18
- Target
  
  btn_dark_1_hover.png
- Size
  
  500B
- MD5
  
  e2d1d028a247d172652fa902395da9a1
- SHA1
  
  80098c9e5ff0e2d53cdd07a132564dc6b9bfe786
- SHA256
  
  361ca657c498b9762869f0561fb0e8346c1d7d511fa8351b704c2b6b67e8017d
- SHA512
  
  5abb58988d1b5072dee85878ba28bd75e2e2a59dc617fbf1fa9e6ca0c96695ff15aed275d6c5653f3e6a594f69d77ca73a5d0ab8488a67dacc7ed44fa32db0b7
Score

3^/10
behavioral19 behavioral20
- Target
  
  btn_dark_1_normal.png
- Size
  
  465B
- MD5
  
  0a6953548ea99f1f3c609f371680de1e
- SHA1
  
  a43039665aa11953064c67535c6c0730e0d42715
- SHA256
  
  f7d278ca8bd08b29bd93c95cdc0232b23ba5bdce09ddc9ccf77a4570c5efc0b7
- SHA512
  
  27daee094b0c04d1967243881cf91128107735f7b378b3dc848eaf4ba7a3c658c7d95eb9f826514f47c82fea0f6a69a8af3a75f9887e009c03dc692e657993fb
Score

3^/10
behavioral21 behavioral22
- Target
  
  btn_dark_1_pushed.png
- Size
  
  455B
- MD5
  
  e9d2c7a7ae25969a0e166d51c921660d
- SHA1
  
  4387b00f8c545a1b25156ddec6c98b3400e379dd
- SHA256
  
  835474b1387b98bd5837668661396fc7cfaa7c934d3422c923ebe9553e5d9552
- SHA512
  
  18da16fa24ce72f66331605e6f7938727373c06b8b97c1ef9789cdd5d4e3178623130a1fa01464211e9db33913c518a2aa1de0ee1eb8f09ab55f4e3082359efe
Score

3^/10
behavioral23 behavioral24
- Target
  
  btn_dir_disable.png
- Size
  
  634B
- MD5
  
  71e683c7fca17d19e59d536056cea81d
- SHA1
  
  80196242b17fe96af99d4663b1bbb912b617fe26
- SHA256
  
  551e25a738681d1365e8853bea823ebb8bdfea8547e5843bf076173be4151689
- SHA512
  
  e63f3f5ba9453687c7c07e2bf9c63974dbac1d916fa3a21f3882e12b60dcb361cb43ba00e9e390e8214347c5e9795021cb1612b7843ab0b18c5239ee865a1fc3
Score

3^/10
behavioral25 behavioral26
- Target
  
  btn_dir_hover.png
- Size
  
  1KB
- MD5
  
  f1446398846b2f7c7779b3a4e34c930a
- SHA1
  
  2adf38f8a439f1e3ee666df91b20a0836e69a265
- SHA256
  
  cf1abbf3c06ef18818272eeae0bf5197e9982385c0633a03e06caef2eea479cd
- SHA512
  
  48e9f62011e6a780c267882613c3c3dedfed0340ac8fedf225d99772d62a8212e1da3d13edc182b924e36fec1f3bd9eab6a42a3360d85320fb38050a3a852534
Score

3^/10
behavioral27 behavioral28
- Target
  
  btn_dir_normal.png
- Size
  
  599B
- MD5
  
  69c49053991a8044a2a3e9330d56f650
- SHA1
  
  e52b4c21b2616a23f4c534b52923fc8eddfca25a
- SHA256
  
  c3d4853cf097def877b54bd9f66ec2beff88d5210306959570e85c0a6b8e1eef
- SHA512
  
  66aba66ab169df7da16cf0a52bbb5fc8562ec04487cec6e2cb25892eb25be76d82f29ec17e6cc92640667f74c433d691b5ea83fb86385998baa44b5461b03643
Score

3^/10
behavioral29 behavioral30
- Target
  
  btn_dir_pushed.png
- Size
  
  577B
- MD5
  
  34e768fe73d27f826589add661153ede
- SHA1
  
  7d7d015b2f428e7bb77ce511b23d27567e086483
- SHA256
  
  8e3cd0fff2a8dc5697b513b3164ff7dcffa30cc7deec7b104e29cede1ab71b0b
- SHA512
  
  80db2b26f4a1af423ea9f16bba4d861cfac428e2f8a4b7772101c0e012c1447027b9057876c8bf2b2a74bb6dc3fa91893bbdf1fee559694af8815f4996bd8edb
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryransomware

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32