General
Target: fa721eb8ab2c81b42a735d4a1626f452c780fbdacddff5d67804eb00a61e8035
Size: 576KB
Sample: 250502-c8243agq8s
MD5: dc0c80f247edbbf663aa2b02cee56bc6
SHA1: cdbb0bcac77f4cbe2811bc7ea4886b9c6b22ccee
SHA256: fa721eb8ab2c81b42a735d4a1626f452c780fbdacddff5d67804eb00a61e8035
SHA512: 96e822f36f83d07a64cffb802ff5a72dba3f9c8c46ea3420d56c9d89bf6e3760be5d027aec3e699e89b16949f647c79eff8652219bb5ba19edd2d6c19d188308
SSDEEP: 12288:QNEnhU3nygbEMxBL2Wh2LVQKrAwrwxHdGxdOUK+iuHQG5yR9DE2t8I:vnEny0ECpTKaKkwMHOdTK+DwnA2tH
Static task: static1
Behavioral task: behavioral1
Sample: fa721eb8ab2c81b42a735d4a1626f452c780fbdacddff5d67804eb00a61e8035.exe
Resource: win10v2004-20250410-en
Targets
Target: fa721eb8ab2c81b42a735d4a1626f452c780fbdacddff5d67804eb00a61e8035 (576KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Modifies WinLogon for persistence
- UAC bypass
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Possible privilege escalation attempt
- Deletes itself
- Executes dropped EXE
- Modifies file permissions
- Checks whether UAC is enabled
- Drops desktop.ini file(s)
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v16
Persistence
  Boot or Logon Autostart Execution: 1
    Winlogon Helper DLL: 1
  Pre-OS Boot: 1
    Bootkit: 1
Privilege Escalation
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Boot or Logon Autostart Execution: 1
    Winlogon Helper DLL: 1
Defense Evasion
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Direct Volume Access: 1
  File and Directory Permissions Modification: 2
    Windows File and Directory Permissions Modification: 1
  Impair Defenses: 1
    Disable or Modify Tools: 1
  Indicator Removal: 2
    File Deletion: 2
  Modify Registry: 5
  Pre-OS Boot: 1
    Bootkit: 1