General
-
Target
Ransomware.exe
-
Size
27KB
-
Sample
241105-yln5ksyanm
-
MD5
0fa45697008c498ad046c8e5badf84de
-
SHA1
30397727bc11f16a3b405a8ad53acb7bbd7e270f
-
SHA256
181754743618dec5abc164cdb9d611ab0ce275220fb86933425e6d2375f05c5a
-
SHA512
65f5c6fabce2a5e7429a537d92860eb625fdcaf48c52212137fefaf81226441f7fc451e16596cee6b60b83c8d16192595ea69fd6c3a0fb0f9764e08fd102a4b0
-
SSDEEP
384:eawog283gPF0pEWww9aPMbzrzoWkXxcOETKanIASy9BhEzXtHVQ6kYcV6O7UiJFh:+4KKWxbrkrGRIASyokYcV6O4izh
Static task
static1
Behavioral task
behavioral1
Sample
Ransomware.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
Ransomware.exe
-
Size
27KB
-
MD5
0fa45697008c498ad046c8e5badf84de
-
SHA1
30397727bc11f16a3b405a8ad53acb7bbd7e270f
-
SHA256
181754743618dec5abc164cdb9d611ab0ce275220fb86933425e6d2375f05c5a
-
SHA512
65f5c6fabce2a5e7429a537d92860eb625fdcaf48c52212137fefaf81226441f7fc451e16596cee6b60b83c8d16192595ea69fd6c3a0fb0f9764e08fd102a4b0
-
SSDEEP
384:eawog283gPF0pEWww9aPMbzrzoWkXxcOETKanIASy9BhEzXtHVQ6kYcV6O7UiJFh:+4KKWxbrkrGRIASyokYcV6O4izh
Score10/10-
Modifies WinLogon for persistence
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
5