General
Target: 24.9.3 fix 2 pass is 1.zip
Size: 9.0MB
Sample: 241107-kewdes1qeq
MD5: 3bed3fe28d72630ae17df3bb13f536e9
SHA1: 751c3a29d102a0360be6db6141d3d74e2785879e
SHA256: 4729398f2c65f7c023e78e0b90950a7398e1556f3411e3ad503011c84a57b796
SHA512: f8cba2527f7a75d0624a0cd22ced1ab0e0a92deb8a58b63335beedb1d94c6ecd282eb959e212085cc70e29886314393db39cf046624ba0a2aa7ff8933ac8bf1b
SSDEEP: 196608:v1YiBvEubOO+RylGtphKmxVTdLvU36E7TAiVeVFEnpDU:v175ESOOAhlz+X48eVFEm
Static task: static1
Behavioral task: behavioral1
  Sample: 24.9.3 fix 2 pass is 1.zip
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 24.9.3 fix 2 pass is 1.zip
  Resource: win10v2004-20241007-en
Malware Config
Targets
24.9.3 fix 2 pass is 1.zip (9.0MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 9/10
- Renames multiple (51) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Modify Registry (2)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)