5d2597a8a8b8d4d0dfafef02b41d3746bb9a3ccfcacac9a0a8eaec237aa90c1d | Triage

Sharing

General

Target

5d2597a8a8b8d4d0dfafef02b41d3746bb9a3ccfcacac9a0a8eaec237aa90c1d.exe
Size

487KB
Sample

250125-jptf5svldp
MD5

8040a1a66e9b6cffba01d78b642140ea
SHA1

acac5dc3f6140c093e1ebace12f1c8579f8fb3bf
SHA256

5d2597a8a8b8d4d0dfafef02b41d3746bb9a3ccfcacac9a0a8eaec237aa90c1d
SHA512

62a188e40a988e65dfff91e0d0ea88e5f925eb794f66d71073d4d4913298283b7e736abed83b0fc384db5e0ae5a061786bbca7ab97ddec455684604ef89c6138
SSDEEP

6144:1MkLeY49LF6PAd+eDQbS0VeWVa1Kj/5hd2SXvT+r8feNNvy6kLu+1bq7YNZ:1M5XQrVeWVa1Kj/57nmNNeVU76

Score

9^/10

defense_evasion execution impact ransomware

Malware Config

Targets

- Target
  
  5d2597a8a8b8d4d0dfafef02b41d3746bb9a3ccfcacac9a0a8eaec237aa90c1d.exe
- Size
  
  487KB
- MD5
  
  8040a1a66e9b6cffba01d78b642140ea
- SHA1
  
  acac5dc3f6140c093e1ebace12f1c8579f8fb3bf
- SHA256
  
  5d2597a8a8b8d4d0dfafef02b41d3746bb9a3ccfcacac9a0a8eaec237aa90c1d
- SHA512
  
  62a188e40a988e65dfff91e0d0ea88e5f925eb794f66d71073d4d4913298283b7e736abed83b0fc384db5e0ae5a061786bbca7ab97ddec455684604ef89c6138
- SSDEEP
  
  6144:1MkLeY49LF6PAd+eDQbS0VeWVa1Kj/5hd2SXvT+r8feNNvy6kLu+1bq7YNZ:1M5XQrVeWVa1Kj/57nmNNeVU76
Score

9^/10

defense_evasion execution impact ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Renames multiple (302) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies boot configuration data using bcdedit
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

Persistence

Privilege Escalation

Defense Evasion

Direct Volume Access

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

defense_evasionexecutionimpactransomware

behavioral2

defense_evasionexecutionimpactransomware