General
-
Target
2024-08-21_d2928a874344bd310125566d09f4ffcc_makop
-
Size
42KB
-
Sample
240821-cmsy9syfrn
-
MD5
d2928a874344bd310125566d09f4ffcc
-
SHA1
41070cb3d688c30ca7b95957e48eaa577e8a027d
-
SHA256
f9dcdbe1929dd4606138f9c77b95c144acd4d711fd372f7bb075b8aa61a83b62
-
SHA512
90a8f22346a1f08f91313f66f03cfd0da228b656f5a0dcd39db0497c300a5ad37e93a62ad78ed82aab0c2351c3e8af9f8923b9a10b06d527a0c6439c8a6b6629
-
SSDEEP
768:cO1oR/dUVS1RzK4wbs+D/SIJX+ZZ1SQQwZuIOPzDLNIUe61Akojk1q4:clgS1FKnDtkuImLqUe6h7
Behavioral task
behavioral1
Sample
2024-08-21_d2928a874344bd310125566d09f4ffcc_makop.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
C:\Program Files\Common Files\microsoft shared\ClickToRun\+README-WARNING+.txt
Targets
-
-
Target
2024-08-21_d2928a874344bd310125566d09f4ffcc_makop
-
Size
42KB
-
MD5
d2928a874344bd310125566d09f4ffcc
-
SHA1
41070cb3d688c30ca7b95957e48eaa577e8a027d
-
SHA256
f9dcdbe1929dd4606138f9c77b95c144acd4d711fd372f7bb075b8aa61a83b62
-
SHA512
90a8f22346a1f08f91313f66f03cfd0da228b656f5a0dcd39db0497c300a5ad37e93a62ad78ed82aab0c2351c3e8af9f8923b9a10b06d527a0c6439c8a6b6629
-
SSDEEP
768:cO1oR/dUVS1RzK4wbs+D/SIJX+ZZ1SQQwZuIOPzDLNIUe61Akojk1q4:clgS1FKnDtkuImLqUe6h7
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (8102) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Direct Volume Access
1Indicator Removal
3File Deletion
3Modify Registry
1Credential Access
Credentials from Password Stores
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1Discovery
Browser Information Discovery
1Peripheral Device Discovery
1Query Registry
4Remote System Discovery
1System Information Discovery
3System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1