957e27a1546f944c33967f491f184484717b6aab8bf57fcb9b121c22b49d789f | Triage

Submit
Reports

Overview

overview

Static

static

1

taas.png

windows10-2004-x64

Sharing

General

Target

taas.png
Size

482KB
Sample

240702-1mecwa1dmb
MD5

5cdee96ab62ae22eaced595bbe8e9eb4
SHA1

c258fd9b3d6adce3b30cdbb43f8783d12800082a
SHA256

957e27a1546f944c33967f491f184484717b6aab8bf57fcb9b121c22b49d789f
SHA512

ca9acb73f52d685656af6bf4457f686e894a3fc34029d72fad2bcbf3bbfb79bcdca0e51188f57f31802fd06f7d671f0ed3d5034f2e4d52cbee04a82b7d7a91e0
SSDEEP

12288:iDVrZ0KGNJDi5eQDoxqgVm5K/oea9aDXY3ax+KdxaAX8ZVJxbzamWQ2:u9Z0KGP3Q0YgCK/T6azxx+KjXGVDbEh

Score

10^/10

bootkit discovery evasion exploit persistence ransomware trojan

Static task

static1

Behavioral task

behavioral1

Sample

taas.png

Resource

win10v2004-20240508-en

bootkit discovery evasion exploit persistence ransomware trojan

windows10-2004-x64

25 signatures

1200 seconds

Malware Config

Targets

- Target
  
  taas.png
- Size
  
  482KB
- MD5
  
  5cdee96ab62ae22eaced595bbe8e9eb4
- SHA1
  
  c258fd9b3d6adce3b30cdbb43f8783d12800082a
- SHA256
  
  957e27a1546f944c33967f491f184484717b6aab8bf57fcb9b121c22b49d789f
- SHA512
  
  ca9acb73f52d685656af6bf4457f686e894a3fc34029d72fad2bcbf3bbfb79bcdca0e51188f57f31802fd06f7d671f0ed3d5034f2e4d52cbee04a82b7d7a91e0
- SSDEEP
  
  12288:iDVrZ0KGNJDi5eQDoxqgVm5K/oea9aDXY3ax+KdxaAX8ZVJxbzamWQ2:u9Z0KGP3Q0YgCK/T6azxx+KjXGVDbEh
Score

10^/10

bootkit discovery evasion exploit persistence ransomware trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables Task Manager via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Modifies file permissions
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Pre-OS Boot

Bootkit

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Modify Registry

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

File and Directory Permissions Modification

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitdiscoveryevasionexploitpersistenceransomwaretrojan

© 2018-2024

Terms | Privacy