Resubmissions

02-02-2025 04:31

250202-e5h8wsxlbr 10

20-11-2024 23:06

241120-23pzzswdpp 10

General

  • Target

    RapidReset.bat

  • Size

    562B

  • Sample

    241120-23pzzswdpp

  • MD5

    585007258473e92250845840fcdd7efa

  • SHA1

    f741877750f8b11be85bb9bafacb651456c1d085

  • SHA256

    e3b1216c43afbc251bbafc1c5a510933d175769b3f88b6315a31e1c8aa6c1940

  • SHA512

    da8d912a30b979d06878d4a511a6dc7dc0c82f7cca8f99b618fc0a095de61023d6c9c7b71a922abeff32eadf6e1344c4c79f73858364da7217beeb3c5fe63047

Score
10/10

Malware Config

Targets

    • Target

      RapidReset.bat

    • Size

      562B

    • MD5

      585007258473e92250845840fcdd7efa

    • SHA1

      f741877750f8b11be85bb9bafacb651456c1d085

    • SHA256

      e3b1216c43afbc251bbafc1c5a510933d175769b3f88b6315a31e1c8aa6c1940

    • SHA512

      da8d912a30b979d06878d4a511a6dc7dc0c82f7cca8f99b618fc0a095de61023d6c9c7b71a922abeff32eadf6e1344c4c79f73858364da7217beeb3c5fe63047

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Renames multiple (691) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Enterprise v15

Tasks