General
-
Target
rocket-league-spotify-artwork.png
-
Size
833KB
-
Sample
240813-phnj7ssgrg
-
MD5
28952f1e3e40281a2fab2de9f228bc8a
-
SHA1
b4db183ea6ad6b6cc31c8cae5c6feba5352a1242
-
SHA256
40da1cd16fd7dff442fbf3241b58b5857012b0f3c28d84c59b7ff5b97f0ee735
-
SHA512
26a4d65a82d7594dd7cc65ecf372cd4abeb2367b7dc4589eb5e1ca55b868fae15995f0f3921580348d46e1bf2a6d803ceaad48792dde38c90ae593de8088d0b6
-
SSDEEP
12288:BXhYChvXgQEOUmrify0TXJq8UXyTIU8sGEcqu6vO3QSWh8Xsq0BD4jJyJoc2HaP6:jHFgQEjQsq3yckGDP3Qvq0BD4jJyJoB
Static task
static1
Behavioral task
behavioral1
Sample
rocket-league-spotify-artwork.png
Resource
win11-20240802-en
Malware Config
Extracted
C:\Users\Admin\Downloads\!Please Read Me!.txt
wannacry
15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1
Targets
-
-
Target
rocket-league-spotify-artwork.png
-
Size
833KB
-
MD5
28952f1e3e40281a2fab2de9f228bc8a
-
SHA1
b4db183ea6ad6b6cc31c8cae5c6feba5352a1242
-
SHA256
40da1cd16fd7dff442fbf3241b58b5857012b0f3c28d84c59b7ff5b97f0ee735
-
SHA512
26a4d65a82d7594dd7cc65ecf372cd4abeb2367b7dc4589eb5e1ca55b868fae15995f0f3921580348d46e1bf2a6d803ceaad48792dde38c90ae593de8088d0b6
-
SSDEEP
12288:BXhYChvXgQEOUmrify0TXJq8UXyTIU8sGEcqu6vO3QSWh8Xsq0BD4jJyJoc2HaP6:jHFgQEjQsq3yckGDP3Qvq0BD4jJyJoB
-
Modifies visibility of file extensions in Explorer
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (78) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Downloads MZ/PE file
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Direct Volume Access
1Hide Artifacts
1Hidden Files and Directories
1Impair Defenses
1Disable or Modify Tools
1Indicator Removal
2File Deletion
2Modify Registry
5Subvert Trust Controls
1SIP and Trust Provider Hijacking
1