General
-
Target
IMPORTANT.exe
-
Size
2.6MB
-
Sample
250518-sj92dafm6w
-
MD5
a8f313dfb1bd2b0183555360e44f9c7d
-
SHA1
ecea055bd41dba07dffe08f62f5de1c2d402ae72
-
SHA256
a81c6d00185c620df018f2c5bc65abfacd5630285b71fdaedf5d27bd0a5d47c2
-
SHA512
f284b0995f43a2fb75319c7fa73d27c3c8f6ddd730972b5c398a095f4d978a288dce86559a1ec11872a97753f31dfd415eaa88873366e56f6633a0a4318608b8
-
SSDEEP
24576:pKpyoYkhEXRfPOC8TDr7sJuVUkQmqY9HNgBNJ6clMi81s3AYG5GsGbZB:pKwoYa8RfPOC8Tfq3AHeG5GsGbZB
Static task
static1
Behavioral task
behavioral1
Sample
IMPORTANT.exe
Resource
win10ltsc2021-20250425-en
Malware Config
Targets
-
Target
IMPORTANT.exe
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (335) files with added filename extension
This is consistent with ransomware encrypting files across the system and appending a new extension to each one.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
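The report records only that the sample deleted shadow copies, not which command it used. As an added example (not part of the sandbox output, and not the sample's own command line), the Python below runs a small set of detection rules over constructed Sysmon-style process-creation events covering the usual ways shadow copies are removed: vssadmin, wmic, and the Win32_ShadowCopy WMI class from PowerShell, plus wbadmin catalog deletion and bcdedit recovery tampering as related backup-inhibition commands. PIDs, paths and command lines are constructed; matching runs on a normalized command line so cmd.exe caret escapes and quoting do not defeat it.

```python
import re

# Constructed Sysmon Event ID 1 (process creation) records. PIDs, paths and command
# lines are made up for the example; the report does not state how shadow copies were deleted.
EVENTS = [
    {"pid": 1234, "cmdline": r'"C:\Users\victim\Desktop\IMPORTANT.exe"'},
    {"pid": 1300, "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"pid": 1310, "cmdline": "wmic shadowcopy delete"},
    {"pid": 1320, "cmdline": "powershell -c Get-WmiObject Win32_Shadowcopy | ForEach-Object { $_.Delete() }"},
    {"pid": 1330, "cmdline": "vssadmin.exe list shadows"},                 # enumeration only, benign
    {"pid": 1340, "cmdline": "bcdedit /set {default} recoveryenabled No"},  # blocks Windows recovery
]

# Each rule is a set of regexes that must all match the normalized command line.
RULES = {
    "vssadmin_delete_shadows": [r"\bvssadmin(\.exe)?\b", r"\bdelete\b", r"\bshadows\b"],
    "wmic_shadowcopy_delete": [r"\bwmic(\.exe)?\b", r"\bshadowcopy\b", r"\bdelete\b"],
    "powershell_wmi_shadowcopy_delete": [r"win32_shadowcopy", r"\.delete\(\)"],
    "wbadmin_delete_catalog": [r"\bwbadmin(\.exe)?\b", r"\bdelete\b", r"\bcatalog\b"],
    "bcdedit_disable_recovery": [r"\bbcdedit(\.exe)?\b", r"recoveryenabled no|bootstatuspolicy ignoreallfailures"],
}
COMPILED = {name: [re.compile(p) for p in pats] for name, pats in RULES.items()}


def normalize(cmdline):
    """Lower-case, strip cmd.exe caret escapes and quotes, collapse whitespace."""
    cleaned = cmdline.lower().replace("^", "").replace('"', "")
    return re.sub(r"\s+", " ", cleaned).strip()


def scan_cmdline(cmdline):
    """Return the names of all rules whose every pattern matches this command line."""
    norm = normalize(cmdline)
    return [name for name, pats in COMPILED.items() if all(p.search(norm) for p in pats)]


def detect(events):
    """Run every rule over every event; one alert per (event, rule) hit."""
    alerts = []
    for e in events:
        for rule in scan_cmdline(e["cmdline"]):
            alerts.append({"pid": e["pid"], "rule": rule, "cmdline": e["cmdline"]})
    return alerts


if __name__ == "__main__":
    for a in detect(EVENTS):
        print(f"pid {a['pid']}: {a['rule']}  <- {a['cmdline']}")
```

The enumeration-only `vssadmin list shadows` is deliberately left unflagged: the signal is the delete verb, not the tool. In production the same rules belong on the parent-child relationship as well (an Office or user-profile executable spawning vssadmin is far more telling than vssadmin alone).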
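For the rename signature (335 files given an added filename extension), the following is an added example, not output from the report: a burst detector over constructed file-rename telemetry that flags a process appending the same new extension to many files within a short window, while leaving ordinary single renames alone. Paths, PIDs, timestamps, the threshold and the window are all assumptions; the page gives only the count.

```python
import ntpath
from collections import defaultdict
from datetime import datetime, timedelta


def ev(ts, pid, old, new):
    return {"ts": datetime.fromisoformat(ts), "pid": pid, "old": old, "new": new}


# Constructed file-rename telemetry (e.g. a minifilter or EDR file-rename event).
# Paths, PIDs and timestamps are made up; the report gives only the count (335).
EVENTS = [
    ev("2025-05-18T10:00:00", 1234, r"C:\Users\victim\Documents\report.docx", r"C:\Users\victim\Documents\report.docx.locked"),
    ev("2025-05-18T10:00:00", 1234, r"C:\Users\victim\Documents\budget.xlsx", r"C:\Users\victim\Documents\budget.xlsx.locked"),
    ev("2025-05-18T10:00:01", 1234, r"C:\Users\victim\Pictures\img01.jpg", r"C:\Users\victim\Pictures\img01.jpg.locked"),
    ev("2025-05-18T10:00:01", 1234, r"C:\Users\victim\Pictures\img02.jpg", r"C:\Users\victim\Pictures\img02.jpg.locked"),
    ev("2025-05-18T10:00:02", 1234, r"C:\Users\victim\Desktop\notes.txt", r"C:\Users\victim\Desktop\notes.txt.locked"),
    ev("2025-05-18T10:00:02", 1234, r"C:\Users\victim\Desktop\todo.txt", r"C:\Users\victim\Desktop\todo.txt.locked"),
    ev("2025-05-18T10:00:05", 5000, r"C:\Users\victim\Desktop\draft.txt", r"C:\Users\victim\Desktop\final.txt"),  # ordinary rename
    ev("2025-05-18T10:00:06", 5000, r"C:\Users\victim\Desktop\a.log", r"C:\Users\victim\Desktop\a.log.bak"),      # one-off backup copy
]


def added_extension(old_path, new_path):
    """If new_path is old_path with '.<ext>' appended in the same directory, return ext (lower-case), else None."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower():
        return None
    if not new_name.lower().startswith(old_name.lower() + "."):
        return None
    return new_name[len(old_name) + 1:].lower() or None


def detect_rename_bursts(events, threshold=5, window=timedelta(seconds=60)):
    """Flag each process that appends the same extension to >= threshold files inside any `window`."""
    by_key = defaultdict(list)  # (pid, ext) -> timestamps
    for e in events:
        ext = added_extension(e["old"], e["new"])
        if ext:
            by_key[(e["pid"], ext)].append(e["ts"])
    alerts = []
    for (pid, ext), ts in by_key.items():
        ts.sort()
        best, j = 0, 0
        for i in range(len(ts)):          # two-pointer sliding window over sorted timestamps
            while j < len(ts) and ts[j] - ts[i] <= window:
                j += 1
            best = max(best, j - i)
        if best >= threshold:
            alerts.append({"pid": pid, "extension": ext, "count": best, "first": ts[0], "last": ts[-1]})
    return alerts


if __name__ == "__main__":
    for a in detect_rename_bursts(EVENTS):
        print(f"pid {a['pid']} appended .{a['extension']} to {a['count']} files between {a['first']} and {a['last']}")
```

Keying on (process, appended extension) rather than on rename volume alone is what separates an encryptor from a backup job or a bulk file move: the benign process here renames two files in the same window and produces no alert. A variant that replaces the original extension rather than appending one needs a different matcher, and a single threshold will need tuning per environment.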
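The three persistence signatures (Drops startup file, Executes dropped EXE, Adds Run key to start application) belong together: the dropper writes an executable, then registers it to run at logon. As an added example not taken from the report, the following correlates constructed Sysmon-style file-create (Event ID 11) and registry value-set (Event ID 13) records, flags writes into the Startup folder, and for Run/RunOnce values extracts the target program, checks whether the same process dropped it, and checks whether it lives in a user-writable location. All paths, the SID and the value names are constructed; the page does not name the sample's dropped file or its Run key value.

```python
import re

# Run / RunOnce values (including the WOW6432Node view); the key path is the Sysmon TargetObject.
RUN_KEY_RE = re.compile(
    r"\\software\\(?:wow6432node\\)?microsoft\\windows\\currentversion\\run(?:once)?\\[^\\]+$", re.I)
# Per-user or all-users Startup folder.
STARTUP_DIR_RE = re.compile(r"\\start menu\\programs\\startup\\[^\\]+$", re.I)
# Locations an unprivileged user (or a dropper running as one) can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\",
                 "\\downloads\\", "\\desktop\\", "%appdata%", "%localappdata%", "%temp%", "%programdata%")
LAUNCHABLE = (".exe", ".bat", ".cmd", ".vbs", ".js", ".ps1", ".scr", ".dll", ".lnk")

# Constructed Sysmon Event ID 11 (file create) and Event ID 13 (registry value set) records.
# PIDs, paths, SID and value names are made up; the report does not name the dropped file or key.
IMG = r"C:\Users\victim\Desktop\IMPORTANT.exe"
FILE_CREATES = [
    {"pid": 1234, "image": IMG, "target": r"C:\Users\victim\AppData\Roaming\svchost.exe"},
    {"pid": 1234, "image": IMG, "target": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk"},
    {"pid": 2000, "image": r"C:\Program Files\Vendor\setup.exe", "target": r"C:\Program Files\Vendor\vendor.exe"},
]
REG_SETS = [
    {"pid": 1234, "image": IMG,
     "target_object": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\svchost",
     "details": r'"C:\Users\victim\AppData\Roaming\svchost.exe" -start'},
    {"pid": 2000, "image": r"C:\Program Files\Vendor\setup.exe",
     "target_object": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vendor",
     "details": r'"C:\Program Files\Vendor\vendor.exe" /tray'},
    {"pid": 1234, "image": IMG,
     "target_object": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "details": "DWORD (0x00000002)"},  # not an autostart key; ignored
]


def first_exe_path(command):
    """Program path from a Run value: the quoted path, or unquoted tokens up to the first launchable extension."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    tokens = command.split()
    for i, tok in enumerate(tokens):
        if tok.lower().endswith(LAUNCHABLE):
            return " ".join(tokens[: i + 1])
    return tokens[0] if tokens else ""


def is_user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def audit_persistence(file_creates, reg_sets):
    """Correlate dropped files with autostart registrations; one finding per Startup write or Run value."""
    dropped = {(e["pid"], e["target"].lower()) for e in file_creates}
    findings = []
    for e in file_creates:
        if STARTUP_DIR_RE.search(e["target"]):
            findings.append({"kind": "startup_file", "pid": e["pid"], "path": e["target"],
                             "reasons": ["startup_folder_write"], "suspicious": True})
    for e in reg_sets:
        if not RUN_KEY_RE.search(e["target_object"]):
            continue
        path = first_exe_path(e["details"])
        reasons = []
        if (e["pid"], path.lower()) in dropped:
            reasons.append("dropped_by_same_process")  # installers do this too, so not decisive on its own
        if is_user_writable(path):
            reasons.append("user_writable_location")
        findings.append({"kind": "run_key", "pid": e["pid"], "key": e["target_object"], "path": path,
                         "reasons": reasons, "suspicious": "user_writable_location" in reasons})
    return findings


if __name__ == "__main__":
    for f in audit_persistence(FILE_CREATES, REG_SETS):
        flag = "SUSPICIOUS" if f["suspicious"] else "review"
        print(f"{flag:10} {f['kind']:13} pid {f['pid']}: {f['path']}  {f['reasons']}")
```

The legitimate installer in the constructed data also drops a binary and registers it, so "dropped by the same process" is recorded as evidence but not used alone to raise the alert; the program living under a user-writable path is the discriminator. A system-binary name such as svchost.exe outside the Windows directory would be a further reason worth adding in a real deployment.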
MITRE ATT&CK Enterprise v16
Privilege Escalation
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
Defense Evasion
  Direct Volume Access (T1006): 1
  Indicator Removal (T1070): 2
    File Deletion (T1070.004): 2
  Modify Registry (T1112): 1
Credential Access
  Credentials from Password Stores (T1555): 1
    Credentials from Web Browsers (T1555.003): 1
  Unsecured Credentials (T1552): 1
    Credentials In Files (T1552.001): 1