General
- Target: 4331d2c1d7e3b285c951be6ab77984072044cb0085e71b448d6858c421826bc8.exe
- Size: 20.3MB
- Sample: 241006-jyts9szemd
- MD5: 57e7e2151ac4443d3a30d61d4426428a
- SHA1: b2adca307d1f5d1c92cfcdac269ccf269bd8155a
- SHA256: 4331d2c1d7e3b285c951be6ab77984072044cb0085e71b448d6858c421826bc8
- SHA512: 80059d4d6758ae455bb6dc249454e8ae02817e22818a5faf3187eb8e57ea7889aaac7ecafb39e212d5aac08b6f7c0ef1e85314d84679dbddb45d6862a71f4702
- SSDEEP: 98304:l3sDoRRIfzszbsaX2gRZsn9nuzNexSpFEYD43v:aDoR+zszbsaX2gRZsn9nuUxSQY03v
Static task: static1
Behavioral task: behavioral1
- Sample: 4331d2c1d7e3b285c951be6ab77984072044cb0085e71b448d6858c421826bc8.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 4331d2c1d7e3b285c951be6ab77984072044cb0085e71b448d6858c421826bc8.exe
- Resource: win10v2004-20240802-en
Malware Config
Targets
- Target: 4331d2c1d7e3b285c951be6ab77984072044cb0085e71b448d6858c421826bc8.exe
- Size: 20.3MB
- MD5: 57e7e2151ac4443d3a30d61d4426428a
- SHA1: b2adca307d1f5d1c92cfcdac269ccf269bd8155a
- SHA256: 4331d2c1d7e3b285c951be6ab77984072044cb0085e71b448d6858c421826bc8
- SHA512: 80059d4d6758ae455bb6dc249454e8ae02817e22818a5faf3187eb8e57ea7889aaac7ecafb39e212d5aac08b6f7c0ef1e85314d84679dbddb45d6862a71f4702
- SSDEEP: 98304:l3sDoRRIfzszbsaX2gRZsn9nuzNexSpFEYD43v:aDoR+zszbsaX2gRZsn9nuUxSQY03v
Signatures
- Renames multiple (872) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
- Drops startup file
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (2)
  - Credentials from Web Browsers (1)
  - Windows Credential Manager (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)