a11218990ec35fda067e6a8abc7d5aff29069d4628a56c1dd16f1e1df0687fc2 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

a11218990e...c2.exe

windows7-x64

9

a11218990e...c2.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

a11218990ec35fda067e6a8abc7d5aff29069d4628a56c1dd16f1e1df0687fc2
Size

997KB
Sample

240921-ytsgza1anh
MD5

a5f09807ed92c8de93cca6486bff2f6c
SHA1

0648f4d42c1b325cb41224927fb68ede9bad27a7
SHA256

a11218990ec35fda067e6a8abc7d5aff29069d4628a56c1dd16f1e1df0687fc2
SHA512

88ccd61f209b077a6d22b70f1b87765f2410408436f5d02b312056619fc7f03d6f262bf780e4c177a0731830ac2679f0802112e2ff89f6a70c990123fcaace09
SSDEEP

12288:ohDex59iC4geF4487u2QWYgeWYg955/155/sqKQ5w22rLFZKF6bWe6akxh3CU+o/:UexN4geF4t7u2vKbbKF6ezh3MAQ

Score

9^/10

defense_evasion evasion execution impact ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a11218990ec35fda067e6a8abc7d5aff29069d4628a56c1dd16f1e1df0687fc2.exe

Resource

win7-20240903-en

defense_evasion evasion execution impact ransomware

windows7-x64

15 signatures

60 seconds

Behavioral task

behavioral2

Sample

a11218990ec35fda067e6a8abc7d5aff29069d4628a56c1dd16f1e1df0687fc2.exe

Resource

win10v2004-20240802-en

defense_evasion evasion execution impact ransomware

windows10-2004-x64

17 signatures

60 seconds

Malware Config

Targets

- Target
  
  a11218990ec35fda067e6a8abc7d5aff29069d4628a56c1dd16f1e1df0687fc2
- Size
  
  997KB
- MD5
  
  a5f09807ed92c8de93cca6486bff2f6c
- SHA1
  
  0648f4d42c1b325cb41224927fb68ede9bad27a7
- SHA256
  
  a11218990ec35fda067e6a8abc7d5aff29069d4628a56c1dd16f1e1df0687fc2
- SHA512
  
  88ccd61f209b077a6d22b70f1b87765f2410408436f5d02b312056619fc7f03d6f262bf780e4c177a0731830ac2679f0802112e2ff89f6a70c990123fcaace09
- SSDEEP
  
  12288:ohDex59iC4geF4487u2QWYgeWYg955/155/sqKQ5w22rLFZKF6bWe6akxh3CU+o/:UexN4geF4t7u2vKbbKF6ezh3MAQ
Score

9^/10

defense_evasion evasion execution impact ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

Persistence

Privilege Escalation

Defense Evasion

Direct Volume Access

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

defense_evasionevasionexecutionimpactransomware

behavioral2

defense_evasionevasionexecutionimpactransomware

© 2018-2025

Terms | Privacy