General

  • Target

    497e71a117371b3572beca110e9e7227a47b9ca3578e81ffccd30d23a562bcc8N

  • Size

    820KB

  • Sample

    241106-jezkeavphy

  • MD5

    9a42e002a8e38ebebd6256fd4f3569f0

  • SHA1

    3bce14a56045ac853cdd8d16667f87d9d4294ec3

  • SHA256

    497e71a117371b3572beca110e9e7227a47b9ca3578e81ffccd30d23a562bcc8

  • SHA512

    35fb4b82f845bc6581355ac0ee9de6f2b049f992acd90731c8a3b90d4e911c1f83d61acced69e66296952b2d67d3be66cc4d8d697b218e45b09481533f3c802b

  • SSDEEP

    24576:9jFTqlp3N1+yAgVNfffNflVNfffNfawdQcpKcd0jZd616ALq7Y7N7+7M7r7l7X7y:95Top91+yAgVNfffNflVNfffNfawdQcA

Malware Config

Targets

    • Target

      497e71a117371b3572beca110e9e7227a47b9ca3578e81ffccd30d23a562bcc8N

    • Renames multiple (316) files with added filename extension

      This suggests ransomware activity: the sample encrypts files on the system and marks each one by appending a new extension to its original filename.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
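The four behavioural signatures above that can be derived from file and registry telemetry (renames with an added extension, Run key persistence, Uninstall key enumeration, drive enumeration) re-implemented as detection logic over a constructed event log, as an added example that is not part of the sandbox report or its tooling. The key=value event format, the rename threshold of 3, and every sample line are assumptions; the report itself only records what was observed (316 renames, a Run key write, and so on).

```python
"""Re-implementation of four behavioural signatures from the report as
detection logic over a constructed event log.

Added example, not sandbox code. The event format, field names, pids and
the rename threshold are assumptions.
"""
import re
from collections import defaultdict

# Constructed log lines in an assumed "op pid=N key="value" ..." format.
SAMPLE_LOG = r'''
rename pid=4120 old="C:\Users\u\Documents\q1.xlsx" new="C:\Users\u\Documents\q1.xlsx.locked"
rename pid=4120 old="C:\Users\u\Documents\memo.docx" new="C:\Users\u\Documents\memo.docx.locked"
rename pid=4120 old="C:\Users\u\Pictures\a.jpg" new="C:\Users\u\Pictures\a.jpg.locked"
rename pid=4120 old="C:\Users\u\Desktop\notes.txt" new="C:\Users\u\Desktop\notes.txt.locked"
rename pid=4120 old="C:\Users\u\Desktop\old.log" new="C:\Users\u\Desktop\new.log"
rename pid=2288 old="C:\Users\u\Downloads\setup.tmp" new="C:\Users\u\Downloads\setup.exe"
regset pid=4120 key="HKCU\Software\Microsoft\Windows\CurrentVersion\Run" value="svchost32"
regquery pid=4120 key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"
regquery pid=4120 key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"
fileopen pid=4120 path="D:\"
fileopen pid=4120 path="E:\"
fileopen pid=2288 path="C:\"
'''

LINE_RE = re.compile(r'^(?P<op>\w+)\s+pid=(?P<pid>\d+)\s+(?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)="([^"]*)"')

# Assumed threshold; the sandbox flagged the sample at 316 renames.
RENAME_THRESHOLD = 3


def parse_events(text):
    """Parse the assumed key=value log format into a list of dicts."""
    events = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not in the expected format
        ev = {"op": m["op"], "pid": int(m["pid"])}
        ev.update(KV_RE.findall(m["rest"]))
        events.append(ev)
    return events


def is_appended_extension(old, new):
    """True when new == old + '.<ext>': the file keeps its name and gains
    exactly one extra extension, the pattern the 'renames ... with added
    filename extension' signature describes."""
    if not new.startswith(old):
        return False
    suffix = new[len(old):]
    return (len(suffix) > 1 and suffix.startswith(".")
            and "\\" not in suffix and "." not in suffix[1:])


def run_signatures(events):
    """Return {pid: {signature_name: evidence}} for the four signatures."""
    renames = defaultdict(int)
    run_keys = defaultdict(list)
    uninstall = defaultdict(int)
    drives = defaultdict(set)
    for ev in events:
        pid, op = ev["pid"], ev["op"]
        if op == "rename" and is_appended_extension(ev.get("old", ""), ev.get("new", "")):
            renames[pid] += 1
        elif op == "regset" and re.search(r'\\CurrentVersion\\Run(Once)?$', ev.get("key", ""), re.I):
            run_keys[pid].append(ev.get("value", ""))
        elif op == "regquery" and re.search(r'\\CurrentVersion\\Uninstall\\', ev.get("key", ""), re.I):
            uninstall[pid] += 1
        elif op == "fileopen":
            # Root path of a volume, e.g. "D:\"; the signature excludes C:.
            m = re.fullmatch(r'([A-Za-z]):\\', ev.get("path", ""))
            if m and m[1].upper() != "C":
                drives[pid].add(m[1].upper())

    hits = defaultdict(dict)
    for pid, n in renames.items():
        if n >= RENAME_THRESHOLD:
            hits[pid]["renames_with_added_extension"] = n
    for pid, values in run_keys.items():
        hits[pid]["adds_run_key"] = values
    for pid, n in uninstall.items():
        hits[pid]["checks_installed_software"] = n
    for pid, letters in drives.items():
        hits[pid]["enumerates_connected_drives"] = sorted(letters)
    return dict(hits)


if __name__ == "__main__":
    for pid, sigs in run_signatures(parse_events(SAMPLE_LOG)).items():
        print(pid, sigs)
```

The rename check is deliberately strict (the new path must be the old path plus a single dotted suffix) so that ordinary renames such as `setup.tmp` to `setup.exe` or `old.log` to `new.log` do not count toward the threshold; in the constructed log only pid 4120 trips all four signatures, and pid 2288 trips none.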

MITRE ATT&CK Enterprise v15

Tasks