Analysis
max time kernel: 22s
max time network: 14s
platform: windows7_x64
resource: win7v200722
submitted: 28-09-2020 10:41
Static task: static1
Behavioral task: behavioral1
    Sample: 8181c98ed221d00c89712ea50d37179dc633b9e04bfc2aca1b7df26fd3db1f4e.bin.exe
    Resource: win7v200722
Behavioral task: behavioral2
    Sample: 8181c98ed221d00c89712ea50d37179dc633b9e04bfc2aca1b7df26fd3db1f4e.bin.exe
    Resource: win10
General
Target: 8181c98ed221d00c89712ea50d37179dc633b9e04bfc2aca1b7df26fd3db1f4e.bin.exe
Size: 18KB
MD5: 849ffabdc4a5e8da2ca654f614b01c56
SHA1: 791730d1deeb38d4fc93529c7ad9da06d060edd8
SHA256: 8181c98ed221d00c89712ea50d37179dc633b9e04bfc2aca1b7df26fd3db1f4e
SHA512: 2df86fb79f463252c794fa757a7a95d2c25ee5911c018e9ce50545669e93361e7216edabaa0880419a851405b4dab3fafab0d72f0196ae3f98ec26c9676fd85e
Malware Config
Extracted from: C:\Users\Admin\Desktop\!#!READ-ME!#!.txt
Family: dusk
Address: 1EiGoumJiBNJszEzTzasmQhCVaEYDDEbuo
Signatures
Dusk Ransomware
    Family first seen in September 2020.
Modifies extensions of user files (2 IoCs)
    Ransomware generally changes the extension on encrypted files.
    Processes:
    description     ioc                                                                                                   process
    File renamed    C:\Users\Admin\Pictures\ConvertFromFind.png => C:\Users\Admin\Pictures\ConvertFromFind.png.Dusk        8181c98ed221d00c89712ea50d37179dc633b9e04bfc2aca1b7df26fd3db1f4e.bin.exe
    File renamed    C:\Users\Admin\Pictures\ImportCompress.png => C:\Users\Admin\Pictures\ImportCompress.png.Dusk          8181c98ed221d00c89712ea50d37179dc633b9e04bfc2aca1b7df26fd3db1f4e.bin.exe