General
-
Target
501c02b960d8ea6d7488e9590bd9b92a4d36c536846d29c383aaba805da04f45
-
Size
93KB
-
Sample
241019-zyacma1cll
-
MD5
70501eaba6942d8645bdbcc75f971112
-
SHA1
15be29066da06b3d2e7e771afb1ffb637d966987
-
SHA256
501c02b960d8ea6d7488e9590bd9b92a4d36c536846d29c383aaba805da04f45
-
SHA512
999c020d80f6bbe99399218afcc68d9a9e43fd8896e6b87a39982b64ab97ce258bff1119468e2a1434c9e3d0406a24bf8b3e089ab26436581fb3b6b6e227cfa0
-
SSDEEP
1536:M7qnkAQtSaoGo5n7iLG0/WM6HzNHSaYqezDjxoR0s0QemQfGx8Ni:FCSjGoupWM6Tb8DjxoFeXGe4
Static task
static1
Behavioral task
behavioral1
Sample
501c02b960d8ea6d7488e9590bd9b92a4d36c536846d29c383aaba805da04f45.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
501c02b960d8ea6d7488e9590bd9b92a4d36c536846d29c383aaba805da04f45.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
501c02b960d8ea6d7488e9590bd9b92a4d36c536846d29c383aaba805da04f45
-
Size
93KB
-
MD5
70501eaba6942d8645bdbcc75f971112
-
SHA1
15be29066da06b3d2e7e771afb1ffb637d966987
-
SHA256
501c02b960d8ea6d7488e9590bd9b92a4d36c536846d29c383aaba805da04f45
-
SHA512
999c020d80f6bbe99399218afcc68d9a9e43fd8896e6b87a39982b64ab97ce258bff1119468e2a1434c9e3d0406a24bf8b3e089ab26436581fb3b6b6e227cfa0
-
SSDEEP
1536:M7qnkAQtSaoGo5n7iLG0/WM6HzNHSaYqezDjxoR0s0QemQfGx8Ni:FCSjGoupWM6Tb8DjxoFeXGe4
Score9/10-
Renames multiple (175) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1