General
Target: what I want to say to you.exe.bin
Size: 7.7MB
Sample: 241112-j35rbsydmb
MD5: 49927d5154b5368433496370ee24bc36
SHA1: 330873dfe1211cfeb366ab05691b894bdb7b3e51
SHA256: c8bc88f5eeec657d4726a5643d42f2a47b6c1508dfff13ecd0537542e645501d
SHA512: 073896e9a25f8c0a5cd299573382d5d73263a552460380675eb9b67006e721df295f32d673797eef4a48e6a6594066d38773d153505a2d074b4480a57d44417f
SSDEEP: 49152:QhoC3jPDJj7gPD4VAs6IZdW9X2HcfclCtkDvW0Ic0kzeWKnC4KgtDuv7zTfLVkrR:0RjUiAp3t0jzeVCstAc5
Static task: static1
Behavioral task: behavioral1
  Sample: what I want to say to you.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: what I want to say to you.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: what I want to say to you.exe.bin
Size: 7.7MB
(MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
- Renames multiple (183) files with added filename extension
  This suggests ransomware activity: encrypting the files on the system.
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.
- A potential corporate email address has been identified in the URL: 04b595bffd12e0a823ba02b7b933d4870182477f.png@800w_512h_!web-home-carousel-cover.webp
  (The matched string is an image filename followed by an "@" size-transform suffix rather than a mailbox, so this heuristic hit is likely a false positive.)
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Access Token Manipulation (1)
    Create Process with Token (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Access Token Manipulation (1)
    Create Process with Token (1)
  Deobfuscate/Decode Files or Information (1)
  Modify Registry (4)
  Subvert Trust Controls (1)
    SIP and Trust Provider Hijacking (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)