General
-
Target
8dc3389d37519b24aef2bcf2a15530ea1b13ff4b98228967c9876835bdb99a01.zip
-
Size
71KB
-
Sample
201021-anhvn5x6qs
-
MD5
2f44a1e6c797b73328ef68cb8c011be4
-
SHA1
bf4c6fe78cb90f36b585b265d0132fe0c10a00a8
-
SHA256
081f5e20e8714daab866fc9de69e2eda3282b1e46c538a01043ee786f35176d0
-
SHA512
e964e090221c924822cd79cba55182842e77533a3c06bf26f925bf5dc71d8e133cbcaefa6578b9565e6b9ded3c49939d5ef992198b9e500996b80cdad8745ba4
Static task
static1
Behavioral task
behavioral1
Sample
8dc3389d37519b24aef2bcf2a15530ea1b13ff4b98228967c9876835bdb99a01.exe
Resource
win7v200722
Behavioral task
behavioral2
Sample
8dc3389d37519b24aef2bcf2a15530ea1b13ff4b98228967c9876835bdb99a01.exe
Resource
win10
Malware Config
Targets
-
Target
8dc3389d37519b24aef2bcf2a15530ea1b13ff4b98228967c9876835bdb99a01.exe
-
Size
1.2MB
-
MD5
7e34c5bd27f25a1e1d47a27702708e28
-
SHA1
fb65ea1cc1d81a17effe16ecd2d10f34975a67d8
-
SHA256
8dc3389d37519b24aef2bcf2a15530ea1b13ff4b98228967c9876835bdb99a01
-
SHA512
2b4099e3f15dfd6414c812e87c5f8cfd1926234012e6c67e71433bc4bed7c823ca6d19f8bb927d16ee8e32859b663a9cbccc890eedb3cdaebb8ec2c04784114f
Score
9/10
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Possible privilege escalation attempt
-
Deletes itself
-
Loads dropped DLL
-
Modifies file permissions
-
Drops file in System32 directory
-
Modifies service
-