General
-
Target
ff284a9fa89bfeb02e4ebab752065b79.bin
-
Size
119KB
-
Sample
240701-eww4dsyhqr
-
MD5
ff284a9fa89bfeb02e4ebab752065b79
-
SHA1
d60b904d20f45602e109b69906b85b04f3530b37
-
SHA256
964918124532e636f209d522ca8cc1930528c1070e14775fa542c95cd465d5b5
-
SHA512
6b522bbc159048aa650ed37ade2829b238dc5f9f12265a78cc98742a3819cc9637ab77a5e1592d43c88e3fea48b8346b44f5b18535e881ac8fbc310b76837de0
-
SSDEEP
3072:ohehAzVNlWearrdQlJEdVw68e0tmynNXF0RzdnzgxbU3bh222222222T:6v34dQcdVw68Bt1nNm7zl9222222222T
Static task
static1
Behavioral task
behavioral1
Sample
ff284a9fa89bfeb02e4ebab752065b79.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ff284a9fa89bfeb02e4ebab752065b79.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
ff284a9fa89bfeb02e4ebab752065b79.bin
-
Size
119KB
-
MD5
ff284a9fa89bfeb02e4ebab752065b79
-
SHA1
d60b904d20f45602e109b69906b85b04f3530b37
-
SHA256
964918124532e636f209d522ca8cc1930528c1070e14775fa542c95cd465d5b5
-
SHA512
6b522bbc159048aa650ed37ade2829b238dc5f9f12265a78cc98742a3819cc9637ab77a5e1592d43c88e3fea48b8346b44f5b18535e881ac8fbc310b76837de0
-
SSDEEP
3072:ohehAzVNlWearrdQlJEdVw68e0tmynNXF0RzdnzgxbU3bh222222222T:6v34dQcdVw68Bt1nNm7zl9222222222T
Score10/10-
Modifies visibility of file extensions in Explorer
-
Renames multiple (86) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1