General

  • Target

    65caa33e3f52b797f879546268f8983cd2b93f1613ac9bda2c611008a335aafb

  • Size

    4.5MB

  • Sample

    241017-2n7w9atgrj

  • MD5

    7e6448b97894673a9eac677888bd0b86

  • SHA1

    e9807fe9b35956c29dd9b3299b98acb834b5db72

  • SHA256

    65caa33e3f52b797f879546268f8983cd2b93f1613ac9bda2c611008a335aafb

  • SHA512

    4dbb29597b0d34b72bd4396093ed3b920c0d5bf1fe0c4b8f986d3ce74438a3067a27cdc5edc8feb73fcf47e9a19ab644da1dc5f7c4806822d4d0c96f5e72359e

  • SSDEEP

    49152:9tRm0c0EnFQeS7WkYbXyLLTeffww47SMD5BVQ9j7zrcMfawQGic/cJT/sTrD3kTV:41FbNNDQIgT/CjdxvVRA

Targets

    • Renames multiple (316) files with added filename extension

      This suggests ransomware activity: the sample is encrypting all the files on the system.

    • Downloads MZ/PE file

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory
