6dff4cafebd4bb246488526e09dc6aa1d2aa25681eb024439c08fda39a10367b | Triage

Sharing

General

Target

6dff4cafebd4bb246488526e09dc6aa1d2aa25681eb024439c08fda39a10367b.exe
Size

10.0MB
Sample

241121-krnjcazeqc
MD5

f08fc668957c17905520d63bae85114a
SHA1

a802235e8e390cb700396f7ee6eda73c27289484
SHA256

6dff4cafebd4bb246488526e09dc6aa1d2aa25681eb024439c08fda39a10367b
SHA512

cedc25745fbd376627c119cfc481627ac574ae3d92f4d888538d88a344b57a66e47ca3f6ae7580ff154a5c11fd2325057cf194784c1e357f0756884d37e1da9e
SSDEEP

98304:He5x6c1NogP2NhS9Yw8ywowUUIGYlFlehRC4tNuTBp8BzB+0LuxttZiSELtebmab:gJawfwVs3TehREvjD8th9VzW

Score

8^/10

discovery persistence ransomware

Malware Config

Targets

- Target
  
  6dff4cafebd4bb246488526e09dc6aa1d2aa25681eb024439c08fda39a10367b.exe
- Size
  
  10.0MB
- MD5
  
  f08fc668957c17905520d63bae85114a
- SHA1
  
  a802235e8e390cb700396f7ee6eda73c27289484
- SHA256
  
  6dff4cafebd4bb246488526e09dc6aa1d2aa25681eb024439c08fda39a10367b
- SHA512
  
  cedc25745fbd376627c119cfc481627ac574ae3d92f4d888538d88a344b57a66e47ca3f6ae7580ff154a5c11fd2325057cf194784c1e357f0756884d37e1da9e
- SSDEEP
  
  98304:He5x6c1NogP2NhS9Yw8ywowUUIGYlFlehRC4tNuTBp8BzB+0LuxttZiSELtebmab:gJawfwVs3TehREvjD8th9VzW
Score

8^/10

discovery persistence ransomware
- Drops file in Drivers directory
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistenceransomware