General

  • Target

    Bandicam 7.1.4.2458 (x64) Multilingual [pesktop.com].rar

  • Size

    30.5MB

  • Sample

    241012-wja4tsxfmn

  • MD5

    bdc8dfce29593536c36c4023d3258824

  • SHA1

    38b4c25886e303d791f70e31c26ba203d29cdbae

  • SHA256

    3c133f67bed07aa7eed0c030a130dcf7c72a24848e7ebc9a4e00102ad2f99cde

  • SHA512

    c9ae58013c848735efd853cc1e85dda746a0955a2715753fa1c1fae873deff0466e177157f48e48f910ff17af035b68dbd336930124f3aa1fc0c61d958aef669

  • SSDEEP

    786432:AGxoUF03hbgd8HTXIOdwF4a9pO3PPWc04cg2S4N:wIAgyNHaPOfgTS4N

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\@[email protected]

Family

wannacry

Ransom Note
Q: What's wrong with my files?
A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting!
Q: What do I do?
A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.)
Q: How can I trust?
A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users.
* If you need our assistance, send a message by clicking <Contact Us> on the decryptor window.

Wallets

12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

Targets

    • Target

      Bandicam 7.1.4.2458 (x64) Multilingual [pesktop.com].rar

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Drops startup file

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Bandicam 7.1.4.2458 (x64) Multilingual [pesktop.com]/bdcamsetup.exe

    • Size

      30.1MB

    • MD5

      19e1756c53cd2366d3d0ac1838c09f53

    • SHA1

      5d637d39e37b71abd130c43c393865da5b6471f4

    • SHA256

      bf76a5b846bb434469560b70a84175361bb276484ba5d45b040a4997f90eba55

    • SHA512

      ce8918a879eee3434eefe76c76a6498a540d4f793611430414232c2db145c151e10a1e58731dc4584a5aff8ba7728b50bb1269ce4df7e7c1660bf895e0bc4b5e

    • SSDEEP

      786432:tmY0YHo15h+TeYB4zK8ZjyhtOJ3HmmTeh+BDr9R8V0PYNr/h4vu:U1J1qTFOu8ZSOJ3NTeQDxRgr/9

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Drops file in System32 directory

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      $PLUGINSDIR/ioSpecial.ini

    • Size

      211B

    • MD5

      e2d5070bc28db1ac745613689ff86067

    • SHA1

      282e080b4cf847174c5c11e4f9157b8c338ecb19

    • SHA256

      d95aed234f932a1c48a2b1b0d98c60ca31f962310c03158e2884ab4ddd3ea1e0

    • SHA512

      a50ca2014869629135b54e848f03cb4983ad8029cd811300d02b0fc54de0436185f418fea4d3db888eb0f3170e33a59d486aa885f024ab29e630e9bc0ae1a2de

    Score
    3/10
    • Target

      $PLUGINSDIR/modern-header.bmp

    • Size

      31KB

    • MD5

      e76a5505a53440c94705bbd6b81ee9da

    • SHA1

      2e0fb8a3510d45418885d2a235a81d4d9726b19d

    • SHA256

      d35892f125fc5b7af8eab35c5d92a02e310df2156f631a564598d04248f5d77f

    • SHA512

      3965a6debd88afd921d7aa78685ce945aaf1bf4f1d0e615950b7dadb7a5543418d3fc95f344e71692d1ee967293e82365fc3953efb431ddefb27fbeddac5e1d2

    • SSDEEP

      768:alll8lllMlllslllclllGlllflllZlllDlllslllHlllhlllZlllhlllklll2llu:7RA8

    Score
    3/10
    • Target

      $PLUGINSDIR/modern-wizard.bmp

    • Size

      190KB

    • MD5

      df49e245eca7bb28691faf396c32b934

    • SHA1

      1aaa48e74e8615fdcf24845f672e676acd47b88e

    • SHA256

      b751fa1a1a2291ba1282d49936cd641c4e4340794f475294abd5e4817952a41e

    • SHA512

      68aa752c5413eb36c3b1ed8a966cae9b3e3af266943c6482f5c5a18bb4cfb42f1c68f7c774eace0805ff277334437188bc0b5af20e96dc40502587d2798207e4

    • SSDEEP

      768:Cglllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllu:cd6+0A3fv

    Score
    3/10
    • Target

      bandicam.ini

    • Size

      27B

    • MD5

      e619f33a2ce4f35c0938da71ab5be07d

    • SHA1

      b2217a323e72a62cf090857edbb8caaed05748d1

    • SHA256

      08e8047987a0efe3d644ab5c11fd53cea99f97a9e69bedd9974ee3afef4d796c

    • SHA512

      90276871f9c6b73c1086493428f478987c0ca00b70f036e51d15f2d3117c23fe58de20929da71ed7b9ec54af21b26ed7db15330ce9597430a80ba54737d20601

    Score
    3/10
    • Target

      bdcamvk32.json

    • Size

      340B

    • MD5

      c235336e82acbce1559eb4f3df06bf37

    • SHA1

      d165bd3bae64515519318d9748f03a4d4c85205b

    • SHA256

      10a901c2baf84e97f1785903e85626324558a09ff9a3a7f5133db751d7964592

    • SHA512

      45bf8ce92b9909299b81e647229958415288c74e72302fc3ab2487e08121b861ce40a21763cd1af59dc65b546a2c3a1bf4f0b26e5905791d8047a3141083228a

    Score
    3/10
    • Target

      bdcamvk64.json

    • Size

      338B

    • MD5

      92da5236353dd62c464d7185251bf8cd

    • SHA1

      b90e18456328c205d7527bcc5d3e61a30a606dde

    • SHA256

      7dd34822236880734b9857ce6fe0438f67001ef0b4e9797fba215865b065be47

    • SHA512

      01a1d42f1d253fc36c0f40e5e75d67afb09809646ba442ab48982a9944dad46cf7a0a455b0c320358e9811113f3addaf88cc9d02ac524bd6680a9ba3151740d5

    Score
    3/10
    • Target

      data/camera.wav

    • Size

      65KB

    • MD5

      f35feb61a16e6ddf1f29d4548735c517

    • SHA1

      b0cc0cfd46f88cc3c0de837a2bb281f5274c97f1

    • SHA256

      366e5a005d4be5afa7d49ec7778edc67a52c67e1903b44e861aa620e287762b4

    • SHA512

      e9641f4c49f0ea6621a61f0d2792528ae9e7ce3113bc1267fa0c3f130f599317a985f3a88c31749410d7d54652ab832aa52650a6be82c8969232f99344553da1

    • SSDEEP

      1536:ExVn3oGxznQ0/YNnNljjwn+e0wvXpV4UHxA0yEMLjizwEeDWKkp:+YGVnN/anXvY0Tex76L0wEeDW1p

    Score
    6/10
    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      data/effects/effects10.dat

    • Size

      58KB

    • MD5

      fe3d7459d1e60f1a3a9f4de092e46ba7

    • SHA1

      c8545c0873e896d9549c9a66f099b67f36ba461e

    • SHA256

      184bd469a52b67c553fb934bf4122334449f6b6bff86c07ba193eab2ee617427

    • SHA512

      77eba3abacf6db565dbe8dd6f9107cabcb390c40512aca9c09d7d1d590f522cbfa97940d4f06cec71022053af4b13176183997fa14c7a10531cc5511709c8d86

    • SSDEEP

      192:CKgNy3tmieTtcBonQv9JPrRLeUMPRRgw6NQURTgK4cY5VTSttWnQ:9gF56onC9RLPNFekN

    Score
    3/10
    • Target

      data/effects/effects15.dat

    • Size

      129KB

    • MD5

      9158134ace4961296a4ee8baf326d23e

    • SHA1

      931f9a24186052b424bb19f99065db161c9c48d5

    • SHA256

      b45c1839d5895b00c06a1ef41dca3cd24a68e0f340ae45922d654dda3cfec5ff

    • SHA512

      310c0aa541f3b2d4ed0213254e33f1f3a56bddf34d8ce61c18ead819df8a6b2bae19b14bbe049582061bf006e0948f35298fb59fc1734b77df218ae5888e5cdc

    • SSDEEP

      384:CFR34Hm92IhkhCoF4teSX0MmCbGX7o91a9LebtE10KKjnfRAdM:MR34Hm9XhkooGteSEWSLiZRA

    Score
    3/10
    • Target

      data/effects/effects20.dat

    • Size

      228KB

    • MD5

      4a22264f25cdac2709796db7a0b67d39

    • SHA1

      dee39792e1a7ddae4ee2d083ea293a5205bdbb75

    • SHA256

      42652ca47e2abf81efd93270364edd72e663faf184fe26b20a88946cc29935d7

    • SHA512

      896035afd0fddd5dd08f42d79a22eabf102dfc797ce80c605eb9a3a2411f278172388c009d2d64d01dadf03a70a9b799a74b6e71bf3c22b0c768553b5d42e4ff

    • SSDEEP

      768:n3NH+jVQMg/eG225wyeBebg3GPqr7mu+B0ix7lU50IrKt3j++P4:3NEVjg/PSmgSlQeP4

    Score
    3/10
    • Target

      data/effects/effects30.dat

    • Size

      511KB

    • MD5

      67363fcf74ed7631695653ded26b02c4

    • SHA1

      0d885cbcb8dd1c804b1fb914e2768497997a2cc0

    • SHA256

      9a3a601dc20fa1ab8227441338862f712442eeeb66c767703b856a2f2fe6298f

    • SHA512

      e2637b6bd2fe9b050211842a4ad7a0f36617ee15e587905a1a59effe033283ae83c74034c62e5b0fb32606e5a5dce0885ea0807f8ef8e4511e77a93bb05aab0b

    • SSDEEP

      1536:jJl9eUvkwFWw1JZHjNiHYrtwvYM1NOjaR:joMkwxjNiHYRwv

    Score
    3/10
    • Target

      data/effects/highlight10.dat

    • Size

      3KB

    • MD5

      e734e8f933a0f60adcc30c465bbe1c4c

    • SHA1

      d7722aafbf6a2aacec2c1740e99a23af7d01b966

    • SHA256

      a2b6a948b305d71bb8cf7bde3a79a3194ee29562e5c447a46b7efac831aee5c7

    • SHA512

      802c993816d3e6aa868f67c384f3702af636415560f10de8336eb226639b180da4b2211b922bcfbb0d4accb3111a450603f20437f46436a067f05356f0752d2a

    Score
    3/10
    • Target

      data/effects/highlight15.dat

    • Size

      8KB

    • MD5

      06cb42d354f7c1e783cdaf23e27ce126

    • SHA1

      b51cb8b3dca12cb8814e5a6d16afc72b79cad73a

    • SHA256

      d572987969d0d96852cfef48b5b77062439645e31b27385186a9eac027298495

    • SHA512

      2643b245f2103a58ec69c81912992315c48bdc4767c05f8ef6df4c44dae49a2357c1b45d169a0e395e51dfda4575490fb3527be8015421a05fc34a4d8bd0b100

    • SSDEEP

      24:6r6v1W7+tQYQDD8EVBEs7DS0eVstUaX2vgwLw1tHvH:d15tQXH8EQcmstUaGxM19f

    Score
    3/10
    • Target

      data/effects/highlight20.dat

    • Size

      14KB

    • MD5

      4de77d9a4cb12e283120889d52369b99

    • SHA1

      4f334bcd99c0c894b12bf4daa14049593094777d

    • SHA256

      01b95c2702168da675e04a6d9e460361e870d520f52a22c893857fb6c9244663

    • SHA512

      0e14465a37908e46a424e6a6303752d44011f30afb8fee5b2bf24b750a9e0053ba77ba6291f7c5ad7fec57bf4f9652fbf9b2d630a590cc8d7ba9643b9be7ab24

    • SSDEEP

      24:4r/9XuWwFNAh4JDf5OuolciAs9P7gDD8cyoXl7Dq4NLshLcjGNkmMK+:G/9XuWKAWJD0q1s9P7gDD9ygfkTNMH

    Score
    3/10
    • Target

      data/effects/highlight30.dat

    • Size

      31KB

    • MD5

      ee9e3d87dc6dbeeee432d9577c3ed566

    • SHA1

      e742080610b5bdaa769d1757cb7026b60e32fe6e

    • SHA256

      812d5d88cc5cc0bfa4308f421022e6964962f30041286744ebf69ce5320638a6

    • SHA512

      b918fa69cdc070e874033feb0e7e3e7d63a8c36bcd6f8ab0d2e2f1f4bbd23a6619c1ff3786193fa0a2985b604a52c606435596b701493270a94f6460bf3be3dc

    • SSDEEP

      48:f7aZKmdOpydqixkcrOY+blCTzC8zTzOYHnVYVGOdNa7JZQm:f+ZKmdPdFEETzXnVYVGOdNIrQ

    Score
    3/10
    • Target

      data/language.dat

    • Size

      97KB

    • MD5

      1a2907234b069c1e52ad296bceb630f0

    • SHA1

      202f189aa148ab080225c6fb351b5e664847f8ea

    • SHA256

      789704bfc14da7326bb4756b7339026d8915914905e821d57a69804b11a27bf0

    • SHA512

      27a8b36ccf0353cb0fc41d1b41f0c66cfe7c41e95a79918498051c1c70b08d9a76ca0c9ca3f5361bf12a5f26be919766a84831ed4171690ab545f68c88612c85

    • SSDEEP

      1536:zFy4a8uTQavNA3HCiOGlExM6depWxPQBhK3E6G1dMC1UxCRWFChjvyceEHP6D8jy:zA4a8uTQZj1JD6

    Score
    3/10
    • Target

      data/language_bdfix.dat

    • Size

      1KB

    • MD5

      0eab7a9587fed4adb36eeefe9a53ea49

    • SHA1

      61dc3199922b9a6a66466abafb652315db431c50

    • SHA256

      1a9f30d40beda174fadf0fa409554154939bc1d8c449d06e49e97942ce0a5bc9

    • SHA512

      a57903a270f266d49fa5edaa1debb71ebe611d84ffc06fe59372823d3dc31d3275b2f1eefe11e3b6543a8aa422fca424a172ae6c109f043d11dbcb164ce6bbc1

    Score
    3/10
    • Target

      data/lclick.wav

    • Size

      69KB

    • MD5

      edc287a54e68f13033dd06a688574cde

    • SHA1

      4d20d2d093de6d0b3a2521bfbe2d29afd8b16dcc

    • SHA256

      5c03d7d2366592d9e35264b957131ddea2676fe505680de70f5e0878f70ce0c5

    • SHA512

      0fafd1e1041d89362bc66b1fcc07ed7b16db578d2b531fd6093c4eb267438db78d26bf5b5a2f5f102137d4935957215ac00451915a200cbf82c5ef5a8aaca2a4

    • SSDEEP

      768:8ElMjPf1wNlVLYEtn316Lq1uu7ZptHB0kxOC7wTze6P7aBOBejLI:vUeNlH/6OMap16kxwTze6P7Q8ejLI

    Score
    6/10
    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      data/rclick.wav

    • Size

      68KB

    • MD5

      302e0e3b92e3443f60bdbad8d59efed3

    • SHA1

      cf317e9f9d6973efe590525525994ea6bc87563a

    • SHA256

      81cad36978281837c3ba3abc26d782fe51591ea923bf31fbf3130ff86cd5f752

    • SHA512

      5a0a5f11f1726a09dec53933a032e28506539a99c55e34aac6d93ace1c8f19c7566268ce4e8483f54ba99287305455ec1ddbcf56ae53a5a3f5140f834f637e13

    • SSDEEP

      384:q7hENDwWwlwsQ11S/iRLvXccDVmvYFziHJHfnrgFGA5Ukzrn99MX/fHEos5:00Pz5HzHlQvroGAqM99+12

    Score
    6/10
    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      data/sample.png

    • Size

      6KB

    • MD5

      b15920eb69ff277893df1d6a5aa07653

    • SHA1

      2c3821163ed97471db7f9555792bbd721fe33cbb

    • SHA256

      a6609b23e0389a124c2d59f05a89e31287b68ae85f2fe5ea89defcdb6b94d1f0

    • SHA512

      8cc1a95f65926f3cd9ffb157a38c1a617f89153447e2ed2d1b1dc7ca75b4276a4d0203aa583c49b0ce75220cbd9988cdeccf30986c3dc9136bce6794ac6d0a67

    • SSDEEP

      192:7/fIR+Ef9vhf8HFVhfnF7aBfyw3DbpCibZbEn:7oAEFpf8l7F7Tki

    Score
    3/10
    • Target

      data/skin.dat

    • Size

      886KB

    • MD5

      0ed0bd09d7e9b6b0e6da517051f7bea9

    • SHA1

      96118d2ef582d0f5f24f94032006e25c811d0e30

    • SHA256

      aa3675507788f24ddc35b314fe04b6954172a39a602a7b1bf12598549b125837

    • SHA512

      dd0d1de71a6f257ce25d99e7f37f8e650ae30e2364a855dd8f2f91987011aec6ae0872abe506e61e576d8a95676389b5e847afbe465885294d74b01db2800612

    • SSDEEP

      6144:Avfpu5Djlg/4Xmv6tpXHj5Bf5FazZctj5FvUPOQaXURkT/hQ:A3ojmv6t7FaU5FMPOnkR4i

    Score
    1/10
    • Target

      data/start.wav

    • Size

      14KB

    • MD5

      6828c136e31a5d49e775fb83c890b092

    • SHA1

      6e1cb4844bdecf7f18b15b90178f6364a18de0fc

    • SHA256

      3cc24811b0e9bd9809017018643d1bb8ffed0b712d11134779a7119acb785b1f

    • SHA512

      ccd379d53f9d5472980b3fd799edea7155c6a15ceb9e094db31d501c7fce914c8b0026e1f4487c3785350d7b980b78cd266e5c8dc93bf10188d06d02eea966af

    • SSDEEP

      192:cndp5avBPrGU+W527QGbgDlMFzEA6Yg6nW7zzQxJyy0AB8PeahXJlnxFD:cdp5SdLP58nbDFzOQW7syu8WCH7D

    Score
    6/10
    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      data/stop.wav

    • Size

      44KB

    • MD5

      18326866256e514224f4a26de285cd5a

    • SHA1

      fdfddafc3d08b13e90cff3f3e84725541cd41e08

    • SHA256

      bad2191be9c1ce31faa7cc354fb0b8359337f17c1190c03eaaa5ed1308b6793c

    • SHA512

      9f97baae1fe72f6093ed77b320dcedbafbc489c4cc5f1be58ed8d7582e8cf914b54905a5a41dba01f4574f9d4865103e3d239e255d3408f84b91949d4f475de9

    • SSDEEP

      768:7CEW7j5YuxKfsrY+hOliiTsRJkoYngkjM/BEccCs3pv5rraxDNVlfhD:7yKu8kr3hOX2zkjMpFMpBPaxn

    Score
    6/10
    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      encap64.dll

    • Size

      223KB

    • MD5

      3a9c5ba1cd79752bcd6e3bad59645c89

    • SHA1

      e7bb57a7ffb19bb3623f99275621124c73de79d8

    • SHA256

      2761566fafad890783483069d7070592b25269d8fdc16d796115a4262aac9bd6

    • SHA512

      0b82d7524158e6a7d38413f0059bb3230a7fe1cae825cf4d9ab3f69de7994ff7b7941c0407e3beb90abb21334cb0927ac6197c0fdb8817449505887fd8d4a412

    • SSDEEP

      3072:s7ZIsHYwvPrBJ2vcPWZ95BEL4IJk5iAdv++zdJknoDfgTjMc48FVd5:yIsHYS32vcPWZ964YOiGW+dgTAcr/

    Score
    1/10
    • Target

      lang/Japanese.ini

    • Size

      114KB

    • MD5

      ef1d69205ec73af0572ca15d96b05e4a

    • SHA1

      17f0e0c81d3d4d1e027673616345f3a1a7bcbe23

    • SHA256

      249a68f95bbaf7d7390d3aceb1cc5284a2cf61f0a6f90a73ac1c489624c45601

    • SHA512

      25d0b4063205e3cb4659b5b7ac064a288eeace85bba31278fd62a597295019805526d4604a7200eb3b47a67f9c8c83bf1ec7afb64206fdba1f7b57f28837d116

    • SSDEEP

      1536:+7IRhbcXQTyWDTm60K697FxT65Jk8Fv4/rb8rqXiqjdD+tnAo8YiAhf25Ze:Pjjm7+5Jk8Fv4Db8rGiWLAd25Ze

    Score
    3/10
    • Target

      Bandicam 7.1.4.2458 (x64) Multilingual [pesktop.com]/reg.rar

    • Size

      381KB

    • MD5

      6ca9db80ad0fcaccd2c5218cfcf77ed7

    • SHA1

      1fc26a526ac1638a76c09425e9940d5d73448815

    • SHA256

      88670d8828a06358b345eaeb4f370c0a1d710f7d4cb6e0e38cde0cba254fbf84

    • SHA512

      854e1c05a06b5a8ee9da176db660bae9b488a0a2df235cdec66d65f084dc8656877b81102039d36e47b612e44a47817939ac7ffb0b94cc730783bddf5fdbd088

    • SSDEEP

      6144:Sldk1cWQRNTBhuHzoXa9fQt5hBPi0BW69hd1MMdxPe9N9uA069TBIfHzoXa9fekf:Scv0NTjczo6fQtzww69Tavzo6fjAMn5

    Score
    1/10
    • Target

      Visit www.pesktop.com.url

    • Size

      122B

    • MD5

      ec78904d048134a63c41a2dd63a5b201

    • SHA1

      31423c68a5d5a9401a973d2cbd6c8d84607821d6

    • SHA256

      42e647086d0d6d89c283279ab7974260ed242b0b925d683c8856af8c004ea430

    • SHA512

      e0edfec56103424fe78d6e6d32ae80c91369bd2327753c970ef778ac585467e31a2413b00a46d569b256b3b81fd005cd69167890714fb50384722c1a0cc5e861

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

themida
Score
7/10

behavioral1

wannacry, defense_evasion, discovery, evasion, execution, impact, persistence, privilege_escalation, ransomware, spyware, stealer, themida, trojan, worm
Score
10/10

behavioral2

discovery, evasion, persistence, privilege_escalation, themida, trojan
Score
9/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

discovery
Score
6/10

behavioral10

Score
3/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

discovery
Score
6/10

behavioral21

discovery
Score
6/10

behavioral22

Score
3/10

behavioral23

Score
1/10

behavioral24

discovery
Score
6/10

behavioral25

discovery
Score
6/10

behavioral26

Score
1/10

behavioral27

execution
Score
3/10

behavioral28

Score
1/10

behavioral29

Score
1/10