General
-
Target
4c2a4cb8de17823dd31d38486c8e7ae4f1af3638aa28ab6be073b443612abb4aN
-
Size
22KB
-
Sample
241111-p4sq2symas
-
MD5
b78ed0c765a716b22e5c4a7bea4009f0
-
SHA1
fcfd950657d2d6d8eb7cd1ae69042c18bc36907b
-
SHA256
4c2a4cb8de17823dd31d38486c8e7ae4f1af3638aa28ab6be073b443612abb4a
-
SHA512
7b3c18d523c810a93482c45e1acd74e9ffa76f94d9f0c2906f82cb844135426260b190c2bc4c103960ad65a1ba9e57609837a22f3d73c745212737dfdcd4c4b9
-
SSDEEP
384:/QkZbV8i+fIZFQyZpz0q7bYKkxRjK36ct14yvXbB75z62A1aNJawcudoD7UgKDgZ:YGcAPQIpz0Mb18Kdt14yvLhlConbcuyX
Behavioral task
behavioral1
Sample
4c2a4cb8de17823dd31d38486c8e7ae4f1af3638aa28ab6be073b443612abb4aN.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
4c2a4cb8de17823dd31d38486c8e7ae4f1af3638aa28ab6be073b443612abb4aN.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Target
4c2a4cb8de17823dd31d38486c8e7ae4f1af3638aa28ab6be073b443612abb4aN
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Disables RegEdit via registry modification
-
Modifies Windows Firewall
-
Possible privilege escalation attempt
-
Modifies file permissions
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)