General
Target: b2c02d50479a687df087d4b63fdb6b85dddccb0884f3ae512430d6d4927b3c72N
Size: 93KB
Sample: 241006-kfxb4szgrf
MD5: 97a110779bd4ef46c769942fcc8ce550
SHA1: 9d8a4bb7149dd594a43093fce59c79b97b894833
SHA256: b2c02d50479a687df087d4b63fdb6b85dddccb0884f3ae512430d6d4927b3c72
SHA512: f0a6c33bb14a77023b218c81a7153a973f634281d662ae634f077e3102336f64f7cbe8a5f801a9c5d95c3484ce0e4c4832bf056821a408bf9df71937980cd73c
SSDEEP: 1536:pRpe57NPxRr7Xy/HdMJm4oFnYFKlOEYbilUCKk1dqDWCm8e6tu/xywhaoUTfcQ:ENLr7i/mFoFnYAclidxp8eSuDaozQ
Static task: static1
Behavioral task: behavioral1
  Sample: b2c02d50479a687df087d4b63fdb6b85dddccb0884f3ae512430d6d4927b3c72N.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: b2c02d50479a687df087d4b63fdb6b85dddccb0884f3ae512430d6d4927b3c72N.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: b2c02d50479a687df087d4b63fdb6b85dddccb0884f3ae512430d6d4927b3c72N
Size: 93KB
Score: 9/10
- Renames multiple (175) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Drivers directory
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
Credential Access
  Credentials from Password Stores: 1
    Credentials from Web Browsers: 1
  Unsecured Credentials: 1
    Credentials In Files: 1