Overview

overview

10

Static

static

1

gridIcon.1d8a85f3.svg

windows10-2004-x64

gridIcon.1d8a85f3.svg

windows11-21h2-x64

1

Resubmissions

01/10/2024, 17:39

241001-v8rx7sscln 8

01/10/2024, 17:29

241001-v232ws1hlr 8

01/10/2024, 17:27

241001-v1w7ys1gpp 8

01/10/2024, 17:27

241001-v1kh6avgnh 3

01/10/2024, 17:23

241001-vyawya1fmk 10

01/10/2024, 17:21

241001-vw3h6sveqg 4

01/10/2024, 16:56

241001-vf6wnatgrb 8

01/10/2024, 16:43

241001-t8m4kstdkh 10

01/10/2024, 16:06

241001-tkjq9ayanl 6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    gridIcon.1d8a85f3.svg

  • Size

    293B

  • Sample

    241001-vyawya1fmk

  • MD5

    1d8a85f34abd62b14d14839dfc8c61fc

  • SHA1

    ce4656701f932004cb94519e610f888f8b22ccef

  • SHA256

    e0a95ac99f393fd7815f43de65beaef59bacd5d6af1a394688ad88ec2984edfc

  • SHA512

    b560c2023f0590c4da329c245ff1259a285fb969686a3c10861f3c829cd53f800f98c8768c4f6a8b6f08f9fa4d2a57472958765fd24aace6427e11824238a0a2

Score
10/10
discoveryevasionpersistenceransomwaretrojan

Malware Config

Targets

    • Target

      gridIcon.1d8a85f3.svg

    • Size

      293B

    • MD5

      1d8a85f34abd62b14d14839dfc8c61fc

    • SHA1

      ce4656701f932004cb94519e610f888f8b22ccef

    • SHA256

      e0a95ac99f393fd7815f43de65beaef59bacd5d6af1a394688ad88ec2984edfc

    • SHA512

      b560c2023f0590c4da329c245ff1259a285fb969686a3c10861f3c829cd53f800f98c8768c4f6a8b6f08f9fa4d2a57472958765fd24aace6427e11824238a0a2

    Score
    10/10
    discoveryevasionpersistenceransomwaretrojan

    • UAC bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Modifies WinLogon

      persistence

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

Modify Registry

5
T1112

Credential Access

Discovery

Browser Information Discovery

1
T1217

Peripheral Device Discovery

1
T1120

Query Registry

2
T1012

System Information Discovery

4
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Defacement

1
T1491

Tasks