038819e56f3acc6b043d2c44d7eb8c55b9fd5f9db67d89df07ebc3d8eab5411b | Triage

Sharing

General

Target

TestDD.exe
Size

140.5MB
Sample

250328-yfzzwsslt6
MD5

8b6cd0525dfd43863b71ce7b998a89a6
SHA1

2c1ab496f8ea81315f18042c8f23bed17ce999fa
SHA256

038819e56f3acc6b043d2c44d7eb8c55b9fd5f9db67d89df07ebc3d8eab5411b
SHA512

8eec6b57043111d1e6a02ad4d8d560a48f30055f9a9c6c4ab5788134724bb3246c68f0a2a076a8d510621873e103f0cf42a2d2fd4413e9be607b318eabfc39cf
SSDEEP

1572864:jJurcMWsO2ZB0ax8triD1Ss2t23l2DXbfD25cGGH:jMrwdt74Sv8cba9s

Score

8^/10

defense_evasion discovery persistence ransomware

Malware Config

Targets

- Target
  
  TestDD.exe
- Size
  
  140.5MB
- MD5
  
  8b6cd0525dfd43863b71ce7b998a89a6
- SHA1
  
  2c1ab496f8ea81315f18042c8f23bed17ce999fa
- SHA256
  
  038819e56f3acc6b043d2c44d7eb8c55b9fd5f9db67d89df07ebc3d8eab5411b
- SHA512
  
  8eec6b57043111d1e6a02ad4d8d560a48f30055f9a9c6c4ab5788134724bb3246c68f0a2a076a8d510621873e103f0cf42a2d2fd4413e9be607b318eabfc39cf
- SSDEEP
  
  1572864:jJurcMWsO2ZB0ax8triD1Ss2t23l2DXbfD25cGGH:jMrwdt74Sv8cba9s
Score

8^/10

defense_evasion discovery persistence ransomware
- Disables Task Manager via registry modification
  defense_evasion
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceransomware