renamer | a65ba93ec78558053bcebe1b7a512aa7ebc402eef96ccc1cd41062f3da517375 | Triage

Submit
Reports

Overview

overview

Static

static

3

7e18802311...18.exe

windows7-x64

7e18802311...18.exe

windows10-2004-x64

Sharing

General

Target

7e188023110a5ffd9719428a7b98688d_JaffaCakes118
Size

1.2MB
Sample

241030-ggv9naxgmm
MD5

7e188023110a5ffd9719428a7b98688d
SHA1

fd3dd486e98fff7e2d069f0e4e4ddb2ae86daba6
SHA256

a65ba93ec78558053bcebe1b7a512aa7ebc402eef96ccc1cd41062f3da517375
SHA512

e8b1f0b077b2e71c7c125993f33addfed9570710d50d10070eed7e5eeb81c43565d5776ed8a62fe6764c7773108fffa12c00c1d555b4cc138b28f7a708059516
SSDEEP

24576:IMc1bS0R6crXjYp36O1aNjoWBFJDq9SpCxfzs2o2SV/deDrgO:IMcxS0RTrzYp3/oNEWxq8pCRzro2SV/u

Score

10^/10

renamer discovery worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7e188023110a5ffd9719428a7b98688d_JaffaCakes118.exe

Resource

win7-20240903-en

renamer discovery worm

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

7e188023110a5ffd9719428a7b98688d_JaffaCakes118.exe

Resource

win10v2004-20241007-en

renamer discovery worm

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  7e188023110a5ffd9719428a7b98688d_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  7e188023110a5ffd9719428a7b98688d
- SHA1
  
  fd3dd486e98fff7e2d069f0e4e4ddb2ae86daba6
- SHA256
  
  a65ba93ec78558053bcebe1b7a512aa7ebc402eef96ccc1cd41062f3da517375
- SHA512
  
  e8b1f0b077b2e71c7c125993f33addfed9570710d50d10070eed7e5eeb81c43565d5776ed8a62fe6764c7773108fffa12c00c1d555b4cc138b28f7a708059516
- SSDEEP
  
  24576:IMc1bS0R6crXjYp36O1aNjoWBFJDq9SpCxfzs2o2SV/deDrgO:IMcxS0RTrzYp3/oNEWxq8pCRzro2SV/u
Score

10^/10

renamer discovery worm
- Detects Renamer worm.
  Renamer aka Grename is worm written in Delphi.
- Renamer family
  renamer
- Renamer, Grenam
  Renamer aka Grenam is a worm written in Delphi.
  worm renamer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

renamerdiscoveryworm

behavioral2

renamerdiscoveryworm

© 2018-2024

Terms | Privacy