General
-
Target
633e3f41ab072d59eb255348209fd3228a8abc3168601c7f95342ef85efdc6b2.bin
-
Size
1.2MB
-
Sample
201021-gwp7b56yd2
-
MD5
ad90a317e686b1ab9db651c97ee448b2
-
SHA1
5a2e9db7daa14511f8fb4e5a9e93e9721d68e593
-
SHA256
633e3f41ab072d59eb255348209fd3228a8abc3168601c7f95342ef85efdc6b2
-
SHA512
65ebd80b4118d41acc1371ede9a9ee4b37011ed2a03dc7751d3e6d3fc92b9bb6956a442e8c38266bd5c97afdd4d68ebc1657ff2faf35c42e9d28aadf15006353
Static task
static1
Behavioral task
behavioral1
Sample
633e3f41ab072d59eb255348209fd3228a8abc3168601c7f95342ef85efdc6b2.bin.exe
Resource
win7v200722
Behavioral task
behavioral2
Sample
633e3f41ab072d59eb255348209fd3228a8abc3168601c7f95342ef85efdc6b2.bin.exe
Resource
win10v200722
Malware Config
Targets
Target
633e3f41ab072d59eb255348209fd3228a8abc3168601c7f95342ef85efdc6b2.bin
Score
9/10
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Possible privilege escalation attempt
-
Deletes itself
-
Loads dropped DLL
-
Modifies file permissions
-
Drops file in System32 directory
-
Modifies service
-