General

Target: Optimizer.exe
Size: 2.3MB
Sample: 241011-1tl2aswcna
MD5: be3acdfb13e900b494aff01ac2fe3f2b
SHA1: 26077a1d80d44ec2012d85c33a5593834bb41879
SHA256: 2839b3e6f7bd5b3f530c2c4283ca5b16f6231358660a3ac05066fd432eab9bc9
SHA512: b76e0948ccd4073792de6406fe66c332d54c1d03bb5435a1594bc85f1a15a73c497ef47ff55e2c343f7f765ac3c75ba941e8f7705275e8740278797816b89b27
SSDEEP: 24576:Em/7qyOl3F46cUMO34u+EC8vJ6qWwiBjk38WuBcAbwoA/BkjSHXP36RMG:dzqyOl3F46cUuEC8vYqWwiCSA/Bkj0
Static task: static1

Behavioral task: behavioral1
Sample: Optimizer.exe
Resource: win10v2004-20241007-en
Malware Config

Targets

Target: Optimizer.exe (same sample and hashes as listed under General)
- Modifies visibility of file extensions in Explorer
- Deletes shadow copies: ransomware often targets backup files to inhibit system recovery.
- Disables use of System Restore points
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Modifies file permissions
- Legitimate hosting services abused for malware hosting/C2
- Power Settings: powercfg controls all configurable power settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
MITRE ATT&CK Enterprise v15 (technique, number of matching signatures)

Execution
  System Services: 2
    Service Execution: 2
  Windows Management Instrumentation: 1

Persistence
  Create or Modify System Process: 2
    Windows Service: 2
  Event Triggered Execution: 1
    Image File Execution Options Injection: 1
  Power Settings: 1

Privilege Escalation
  Create or Modify System Process: 2
    Windows Service: 2
  Event Triggered Execution: 1
    Image File Execution Options Injection: 1

Defense Evasion
  Direct Volume Access: 1
  File and Directory Permissions Modification: 1
  Hide Artifacts: 1
    Hidden Files and Directories: 1
  Impair Defenses: 2
    Disable or Modify Tools: 1
  Indicator Removal: 2
    File Deletion: 2
  Modify Registry: 4