f98292a2c4ae22661330b2acf3fb703c143070fc74358369663124aa6adbd7f9 | Triage

Sharing

General

Target

youareanidoot.bat
Size

3KB
Sample

241023-tscmxa1fkq
MD5

f5d50e0b69225c57f2af748bda2a8e7f
SHA1

c45998fbda9b223fcf9b2f2b43ac76229dea009b
SHA256

f98292a2c4ae22661330b2acf3fb703c143070fc74358369663124aa6adbd7f9
SHA512

3efbda1e091d1154d442f4a6e11f147be742cefe6828352f046835c7545e1eb9132cd4611fcb1968fad4d85e19e3e6add36fe0d8f83ab5ba2fc52fbbdd9ec5e1

Score

8^/10

discovery evasion execution persistence ransomware

Malware Config

Targets

- Target
  
  youareanidoot.bat
- Size
  
  3KB
- MD5
  
  f5d50e0b69225c57f2af748bda2a8e7f
- SHA1
  
  c45998fbda9b223fcf9b2f2b43ac76229dea009b
- SHA256
  
  f98292a2c4ae22661330b2acf3fb703c143070fc74358369663124aa6adbd7f9
- SHA512
  
  3efbda1e091d1154d442f4a6e11f147be742cefe6828352f046835c7545e1eb9132cd4611fcb1968fad4d85e19e3e6add36fe0d8f83ab5ba2fc52fbbdd9ec5e1
Score

8^/10

discovery evasion execution persistence ransomware
- Disables Task Manager via registry modification
  evasion
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

discoveryevasionexecutionpersistenceransomware