Overview

overview

8

Static

static

3

hwid-grabber.exe

windows11-21h2-x64

Resubmissions

10-09-2024 01:42

240910-b4w7ksseng 10

10-09-2024 01:28

240910-bvqy7szgnp 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    hwid-grabber.exe

  • Size

    165KB

  • Sample

    240910-bvqy7szgnp

  • MD5

    e80e0a0a2310796a56c7ec9aa9fda999

  • SHA1

    ea9fedb56b4d0a4d71debfd6e4bbeff4cdf05ad5

  • SHA256

    c5f7ea90bf652239c9de92ab63e2d04a48b29af08ca5e2218996abc7c0840bec

  • SHA512

    7355085c43ed964c9517d9e15b33a4ff05a50fad50c9163b0a1b9b6d0e4bdc4a20ecb1940af60fe19fe4d193b195dfc3ae09a6e27e166f78d27666cde35b4224

  • SSDEEP

    3072:mFWMEe4i9C8rFgfM/BlTz88R/QofipPD+HjDBsueD55qro5iz6:mAMEeBc8BgfMJB8Y/ipCD9suC5l

Score
8/10
discoveryevasionransomware

Malware Config

Targets

    • Target

      hwid-grabber.exe

    • Size

      165KB

    • MD5

      e80e0a0a2310796a56c7ec9aa9fda999

    • SHA1

      ea9fedb56b4d0a4d71debfd6e4bbeff4cdf05ad5

    • SHA256

      c5f7ea90bf652239c9de92ab63e2d04a48b29af08ca5e2218996abc7c0840bec

    • SHA512

      7355085c43ed964c9517d9e15b33a4ff05a50fad50c9163b0a1b9b6d0e4bdc4a20ecb1940af60fe19fe4d193b195dfc3ae09a6e27e166f78d27666cde35b4224

    • SSDEEP

      3072:mFWMEe4i9C8rFgfM/BlTz88R/QofipPD+HjDBsueD55qro5iz6:mAMEeBc8BgfMJB8Y/ipCD9suC5l

    Score
    8/10
    discoveryevasionransomware

    • Disables Task Manager via registry modification

      evasion

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks