c7e0b5d2f1fc049601bab9697108bb03bf9b8643a7d741f4cd6332931cf0457c | Triage

Submit
Reports

Overview

overview

Static

static

1

img12.jpg

windows7-x64

Resubmissions

01-12-2024 15:28

241201-swsb4ayrhk 1

01-12-2024 15:28

241201-swgklayrgp 3

01-12-2024 15:26

241201-sva2esvlb1 5

01-12-2024 15:24

241201-ss3nnavkgz 5

01-12-2024 15:22

241201-sr2d7syqgq 10

01-12-2024 15:21

241201-srh8mavkdx 3

01-12-2024 15:17

241201-sn1cqsvjhy 3

Sharing

General

Target

img12.jpg
Size

121KB
Sample

241201-sr2d7syqgq
MD5

5d28177027ff3505cac5faf30f3fce1c
SHA1

f5344740e5814ad7b09c27723798a7b283597d98
SHA256

c7e0b5d2f1fc049601bab9697108bb03bf9b8643a7d741f4cd6332931cf0457c
SHA512

7143044d73e10281f1d3c0979c1daa0e6ae796edc3a56dd998a1d630c41d700d3d9af742c94d2b4b61a055d56a1203328819086c29c1038e58a495af1a4cc51d
SSDEEP

3072:zha4q4WMs9qabD0BWweOhHfgT3wdnjejF6I:da45W1qQD0BReOhYjyCjF5

Score

10^/10

defense_evasion discovery evasion persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

img12.jpg

Resource

win7-20240903-en

defense_evasion discovery evasion persistence ransomware

windows7-x64

25 signatures

300 seconds

Malware Config

Targets

- Target
  
  img12.jpg
- Size
  
  121KB
- MD5
  
  5d28177027ff3505cac5faf30f3fce1c
- SHA1
  
  f5344740e5814ad7b09c27723798a7b283597d98
- SHA256
  
  c7e0b5d2f1fc049601bab9697108bb03bf9b8643a7d741f4cd6332931cf0457c
- SHA512
  
  7143044d73e10281f1d3c0979c1daa0e6ae796edc3a56dd998a1d630c41d700d3d9af742c94d2b4b61a055d56a1203328819086c29c1038e58a495af1a4cc51d
- SSDEEP
  
  3072:zha4q4WMs9qabD0BWweOhHfgT3wdnjejF6I:da45W1qQD0BReOhYjyCjF5
Score

10^/10

defense_evasion discovery evasion persistence ransomware
- Modifies visibility of file extensions in Explorer
  evasion
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Drops startup file
- System Binary Proxy Execution: Rundll32
  Abuse Rundll32 to proxy execution of malicious code.
  defense_evasion
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

System Binary Proxy Execution

Rundll32

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionpersistenceransomware

© 2018-2025

Terms | Privacy