972b67c855ae25a2f4641d06a3a348e8312711c9014b6c26d1a93e434bdeb0c1 | Triage

Submit
Reports

Overview

overview

Static

static

3

e7a477c9b6...0c.exe

windows7-x64

e7a477c9b6...0c.exe

windows10-2004-x64

Sharing

General

Target

e7a477c9b60dd8b7850b976ca2f0200c.bin
Size

116KB
Sample

240701-ehhc3svhqf
MD5

e7a477c9b60dd8b7850b976ca2f0200c
SHA1

9879fe656eef2c5b777ce19616e7b4da1d340350
SHA256

972b67c855ae25a2f4641d06a3a348e8312711c9014b6c26d1a93e434bdeb0c1
SHA512

644e1368ce4eed8b45ac56d1c008861ee6c99461a79164aeb645259bf151232f7911a9a95a464eae16688a46b4350e9ca87e4b8cb7854094bbaf462612d82ad7
SSDEEP

3072:YhZWl1vcA5a57LGAbpZDQvsDleElOvyM0wLyaHaH:YWl1vcZ7LplDoEovPhH

Score

10^/10

evasion persistence ransomware spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e7a477c9b60dd8b7850b976ca2f0200c.exe

Resource

win7-20240419-en

evasion persistence trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

e7a477c9b60dd8b7850b976ca2f0200c.exe

Resource

win10v2004-20240508-en

evasion persistence ransomware spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  e7a477c9b60dd8b7850b976ca2f0200c.bin
- Size
  
  116KB
- MD5
  
  e7a477c9b60dd8b7850b976ca2f0200c
- SHA1
  
  9879fe656eef2c5b777ce19616e7b4da1d340350
- SHA256
  
  972b67c855ae25a2f4641d06a3a348e8312711c9014b6c26d1a93e434bdeb0c1
- SHA512
  
  644e1368ce4eed8b45ac56d1c008861ee6c99461a79164aeb645259bf151232f7911a9a95a464eae16688a46b4350e9ca87e4b8cb7854094bbaf462612d82ad7
- SSDEEP
  
  3072:YhZWl1vcA5a57LGAbpZDQvsDleElOvyM0wLyaHaH:YWl1vcZ7LplDoEovPhH
Score

10^/10

evasion persistence trojan ransomware spyware stealer
- Modifies visibility of file extensions in Explorer
  evasion
- UAC bypass
  evasion trojan
- Renames multiple (81) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistenceransomwarespywarestealertrojan

© 2018-2024

Terms | Privacy