General
Target
644fd4c06b04899ca4b1c432c2139c68aeeb4fb9a0bf7f51eee3c26e30c1c1f2.bin
Size
140KB
Sample
200907-52bvxsslhn
MD5
cb4eb930077d38e517886b9f44d73d01
SHA1
720f309a06cb0941661e6d52b8f7a13dcb977c58
SHA256
644fd4c06b04899ca4b1c432c2139c68aeeb4fb9a0bf7f51eee3c26e30c1c1f2
SHA512
0dd96955bb3d5ecb591e77a84238fa7d6e18d657e10d14654d77d4c1a15cbb511f6a61e1b33e12f7088bd0d5048471d7205aba5c66e091e328dfa854ccaec583
Static task
static1
Behavioral task
behavioral1
Sample
644fd4c06b04899ca4b1c432c2139c68aeeb4fb9a0bf7f51eee3c26e30c1c1f2.bin.exe
Resource
win7
Behavioral task
behavioral2
Sample
644fd4c06b04899ca4b1c432c2139c68aeeb4fb9a0bf7f51eee3c26e30c1c1f2.bin.exe
Resource
win10v200722
Malware Config
Extracted
C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\readme.txt
Extracted
C:\Users\Admin\.oracle_jre_usage\readme.txt
Targets
Target
644fd4c06b04899ca4b1c432c2139c68aeeb4fb9a0bf7f51eee3c26e30c1c1f2.bin
Score
10/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Enumerates connected drives
Modifies service