81ae30c871efc3f21a830d2c5d43a3b8067affbd43cee6cdaac71828a3501458 | Triage

Resubmissions

02/04/2025, 12:53

250402-p43agswzfw 10

14/02/2025, 05:39

250214-gca3xstphr 10

Sharing

General

Target

main.exe
Size

7.2MB
Sample

250402-p43agswzfw
MD5

75a4c4a393ab704900d4e7b03928a898
SHA1

6d252c3503f74df28a52aa86821fba3e7b2b4c1c
SHA256

81ae30c871efc3f21a830d2c5d43a3b8067affbd43cee6cdaac71828a3501458
SHA512

cf80b32fec27e41cb00bcddecebad2a59d456b8eef0bb101c8334c92db8da615ac7164bff9441eac499e59bcc72cc52ef01635bd69185561534ed7ba954a7baa
SSDEEP

98304:ssJ/V6N+13gH5z4voNLZmjuAOZw3IvDiUFo0yfgdSiU8XvAx4aLZYyvJ83RxnPGA:b/35gZVHAr3hcdSyIx4ALiHPJd17YO

Score

10^/10

defense_evasion discovery evasion exploit ransomware trojan

Malware Config

Targets

- Target
  
  main.exe
- Size
  
  7.2MB
- MD5
  
  75a4c4a393ab704900d4e7b03928a898
- SHA1
  
  6d252c3503f74df28a52aa86821fba3e7b2b4c1c
- SHA256
  
  81ae30c871efc3f21a830d2c5d43a3b8067affbd43cee6cdaac71828a3501458
- SHA512
  
  cf80b32fec27e41cb00bcddecebad2a59d456b8eef0bb101c8334c92db8da615ac7164bff9441eac499e59bcc72cc52ef01635bd69185561534ed7ba954a7baa
- SSDEEP
  
  98304:ssJ/V6N+13gH5z4voNLZmjuAOZw3IvDiUFo0yfgdSiU8XvAx4aLZYyvJ83RxnPGA:b/35gZVHAr3hcdSyIx4ALiHPJd17YO
Score

10^/10

defense_evasion discovery evasion exploit ransomware trojan
- Modifies Windows Defender DisableAntiSpyware settings
  evasion trojan
- UAC bypass
  defense_evasion trojan
- Drops file in Drivers directory
- Possible privilege escalation attempt
  exploit
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

File and Directory Permissions Modification

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionexploitransomwaretrojan