Overview

overview

8

Static

static

3

2024-09-14...er.exe

windows7-x64

8

2024-09-14...er.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-09-14_3925cdc1d6cb600054718d10c1bb4600_wormlocker

  • Size

    1.8MB

  • Sample

    240914-v1z9lswerf

  • MD5

    3925cdc1d6cb600054718d10c1bb4600

  • SHA1

    993a9eefe488a3978ffa0933cabd392acc4c1d24

  • SHA256

    ccf9540b7b7952e32c6d8e1edb37387857cf4f43f91bf5356842bf26e809731f

  • SHA512

    4773272f13b300662e8f3b552f3e3fa9a0b6795e7bd14f13e6398de2bd09931b4c6635136b46f2b7f33cc5f399c47c3dff138d9a9adb4868fbdcb0875bb9e3f9

  • SSDEEP

    49152:0pb/gUlz7chwGu8RXWxfLfVYY0Us9diyRXXVqPUqa:0pb4UShwG4xzfVhNsbtFq

Score
8/10
discoveryevasionexploit

Malware Config

Targets

    • Target

      2024-09-14_3925cdc1d6cb600054718d10c1bb4600_wormlocker

    • Size

      1.8MB

    • MD5

      3925cdc1d6cb600054718d10c1bb4600

    • SHA1

      993a9eefe488a3978ffa0933cabd392acc4c1d24

    • SHA256

      ccf9540b7b7952e32c6d8e1edb37387857cf4f43f91bf5356842bf26e809731f

    • SHA512

      4773272f13b300662e8f3b552f3e3fa9a0b6795e7bd14f13e6398de2bd09931b4c6635136b46f2b7f33cc5f399c47c3dff138d9a9adb4868fbdcb0875bb9e3f9

    • SSDEEP

      49152:0pb/gUlz7chwGu8RXWxfLfVYY0Us9diyRXXVqPUqa:0pb4UShwG4xzfVhNsbtFq

    Score
    8/10
    discoveryevasionexploit

    • Disables Task Manager via registry modification

      evasion

    • Possible privilege escalation attempt

      exploit

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Modifies file permissions

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks