8fdbf406fc7490ac24b4c5f61a4b868bd1c892f5ccc4817ec306a8ec9f70e3d7 | Triage

Submit
Reports

Overview

overview

Static

static

3

personalize.exe

windows11-21h2-x64

Sharing

General

Target

personalize.exe
Size

832KB
Sample

240630-q76bzsscqq
MD5

3780f9b91fde991c40386927dae15096
SHA1

0ac6c6284751dd0bac7d58714f899c16da63256a
SHA256

8fdbf406fc7490ac24b4c5f61a4b868bd1c892f5ccc4817ec306a8ec9f70e3d7
SHA512

f5fcba684cb2b4d8c6000649140e693d1589e7f42cccbd9592d82d4c3c2c2cb635f3c851bdb2c95aa0bb8ed7872c9b6a55d7dec4734ca2da429b257e41246e2c
SSDEEP

24576:StA4KdTxn+SoA/baP35yfbSLF2aYVlHvAclDJDb:jdTlzV+P35yfsFI3vAclxb

Score

10^/10

defense_evasion discovery evasion exploit persistence ransomware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

personalize.exe

Resource

win11-20240508-en

defense_evasion discovery evasion exploit persistence ransomware trojan

windows11-21h2-x64

25 signatures

150 seconds

Malware Config

Targets

- Target
  
  personalize.exe
- Size
  
  832KB
- MD5
  
  3780f9b91fde991c40386927dae15096
- SHA1
  
  0ac6c6284751dd0bac7d58714f899c16da63256a
- SHA256
  
  8fdbf406fc7490ac24b4c5f61a4b868bd1c892f5ccc4817ec306a8ec9f70e3d7
- SHA512
  
  f5fcba684cb2b4d8c6000649140e693d1589e7f42cccbd9592d82d4c3c2c2cb635f3c851bdb2c95aa0bb8ed7872c9b6a55d7dec4734ca2da429b257e41246e2c
- SSDEEP
  
  24576:StA4KdTxn+SoA/baP35yfbSLF2aYVlHvAclDJDb:jdTlzV+P35yfsFI3vAclxb
Score

10^/10

defense_evasion discovery evasion exploit persistence ransomware trojan
- UAC bypass
  evasion trojan
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
  defense_evasion
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Hide Artifacts

Hidden Files and Directories

File and Directory Permissions Modification

Windows File and Directory Permissions Modification

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Defacement

Resource Development

Reconnaissance

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionexploitpersistenceransomwaretrojan

© 2018-2024

Terms | Privacy