General
-
Target
a0d4d52885b654cbfeefd194359936072133519c2bc7e8f68b7b668e59c67b94.exe
-
Size
497KB
-
Sample
241003-caabdsyclm
-
MD5
c43f12b8330643c72d21bad3b6cfcf82
-
SHA1
f453f42de8151323472dbe35b5d48084e0012216
-
SHA256
a0d4d52885b654cbfeefd194359936072133519c2bc7e8f68b7b668e59c67b94
-
SHA512
987ce1e4dd8f69100b1514a1c9b0a2abad5fa028dc9a22532fb088308596e8f372d30cb89f140927c459421febe762cfe3668ec21b9deb546e7a50266d605efe
-
SSDEEP
6144:UFoCbN9uRh5W8iZuYtWrJhN7L6aMFNCk0Y+sPgtuMf9opaMPdZXT:qvZTs7N78CrZsPgUG9oDlZ
Behavioral task
behavioral1
Sample
a0d4d52885b654cbfeefd194359936072133519c2bc7e8f68b7b668e59c67b94.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
a0d4d52885b654cbfeefd194359936072133519c2bc7e8f68b7b668e59c67b94.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
a0d4d52885b654cbfeefd194359936072133519c2bc7e8f68b7b668e59c67b94.exe
-
Size
497KB
-
MD5
c43f12b8330643c72d21bad3b6cfcf82
-
SHA1
f453f42de8151323472dbe35b5d48084e0012216
-
SHA256
a0d4d52885b654cbfeefd194359936072133519c2bc7e8f68b7b668e59c67b94
-
SHA512
987ce1e4dd8f69100b1514a1c9b0a2abad5fa028dc9a22532fb088308596e8f372d30cb89f140927c459421febe762cfe3668ec21b9deb546e7a50266d605efe
-
SSDEEP
6144:UFoCbN9uRh5W8iZuYtWrJhN7L6aMFNCk0Y+sPgtuMf9opaMPdZXT:qvZTs7N78CrZsPgUG9oDlZ
-
Detect Rhysida ransomware
-
Clears Windows event logs
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (8145) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Drops startup file
-
Hide Artifacts: Hidden Window
Windows that would typically be displayed when an application carries out an operation can be hidden.
-
Indicator Removal: Clear Persistence
Clear artifacts associated with previously established persistence like scheduletasks on a host.
-
Power Settings
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Windows Management Instrumentation
1Defense Evasion
Direct Volume Access
1Hide Artifacts
1Hidden Window
1Indicator Removal
4Clear Persistence
1Clear Windows Event Logs
1File Deletion
2Modify Registry
1Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1