General
-
Target
c.7z
-
Size
205KB
-
Sample
241111-a7dzqsyekq
-
MD5
fa6ed0b3a8ce881883940591411c0628
-
SHA1
a82ba4b57a3782fde98c0584c1d1cd6ff77469e9
-
SHA256
7f583e2fbb0b620b76aa93dd9deb25b19b86abdb276b5753c6f53931f61b05a5
-
SHA512
96e1c195a34e454669cfb659570b3cfffc2eb49770e79f0422fb146e3cfb6341a419c9df9fa031008d266afdbf467035799ea9535ca19cfb2f8ba4f8b6c4f4f8
-
SSDEEP
3072:dSAcyXuh+C/zs22bHUGj3sksR1WNdFQwH2+7+40Tk/Tjf43Eg3AuK6ZprJfG044Y:ly+Cg2QHUGrNIWBQf40S2EHuRprURT
Static task
static1
Behavioral task
behavioral1
Sample
b6fdf9369af7d3663274392de89b1d644f86232311e63a4a395dda474e1200ee.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
disembarkation.dll
Resource
win7-20240903-en
Malware Config
Extracted
C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\README.hta
Targets
-
-
Target
b6fdf9369af7d3663274392de89b1d644f86232311e63a4a395dda474e1200ee.exe
-
Size
227KB
-
MD5
5cf53ff2d717d768c88fa264934f3361
-
SHA1
63b8ba6b63a44df24f359707c27006901d36244b
-
SHA256
b6fdf9369af7d3663274392de89b1d644f86232311e63a4a395dda474e1200ee
-
SHA512
ffc16845c12c165771b331e0d351b552849d17645e884038e0c97cf3479567da28eea1e88a88f00942e5291c01efb5630771476d3726d544917c227300e33c86
-
SSDEEP
3072:bwJ52Y7ZoH5XJaZ45ku0GJutpaNeVBnLlzcpOpTTOxtgOgEsFB3:bwHysZPEutpaNeVFloclT7esFB3
-
Cerber family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Blocklisted process makes network request
-
Contacts a large (1096) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Deletes itself
-
Loads dropped DLL
-
Sets desktop wallpaper using registry
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
a436db0c473a087eb61ff5c53c34ba27
-
SHA1
65ea67e424e75f5065132b539c8b2eda88aa0506
-
SHA256
75ed40311875312617d6711baed0be29fcaee71031ca27a8d308a72b15a51e49
-
SHA512
908f46a855480af6eacb2fb64de0e60b1e04bbb10b23992e2cf38a4cbebdcd7d3928c4c022d7ad9f7479265a8f426b93eef580afec95570e654c360d62f5e08d
-
SSDEEP
192:aVL7iZJX76BisO7+UZEw+Rl59pV8ghsVJ39dx8T:d7NsOpZsfLMJ39e
Score3/10 -
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
e75ae7cfe06ff9692d98a934f6aa2d3c
-
SHA1
d5fd4a59a39630c4693ce656bbbc0a55ede0a500
-
SHA256
1f861aeb145ebbb9a2628414e6dca6b06d0bfb252f2de624b86814cfec8097d0
-
SHA512
ab4998f8f6bbb60321d0c2aa941d4e85319901960297059bf0832cf84b18dfbb120c3aa71963b46d3be3b7c9602434cb23f9a961c00de02403b3f266b294d41b
-
SSDEEP
96:3np41CMj95rKhkfL5RkEdKkcxM2DjDf3GEEE9v5E9av+Yx40ndY7ndS27gA:3nujesS4HREEK5MYxtdqn420
Score3/10 -
-
-
Target
disembarkation.dll
-
Size
24KB
-
MD5
1bea7d9e09e15e62b38474e87b5c1041
-
SHA1
e5003f5894fe17b517a07a35a270c73506398a5e
-
SHA256
b8bb9c23722c115730f68c1de7e970cab39b7e4a581edc1759cecdd0b2288297
-
SHA512
de552003490a1df588360aea93508375034770d48fc03b680895a5da22430ecd05d64c2b0f6f6e00c30a899c219fb39e4a26803588ff1856a8465b80ef1b7395
-
SSDEEP
192:2HGm3EJs4k3qFnX8VtK5FOgLt5Mm/cwOMb:H8ES4k3GX8DOtmm/cw
Score3/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1