General
-
Target
633e3f41ab072d59eb255348209fd3228a8abc3168601c7f95342ef85efdc6b2.zip
-
Size
70KB
-
Sample
201021-y655xxpdya
-
MD5
be549d09f087fbfe1a768526f57d645d
-
SHA1
42a81011c264e9278b93aed45f9a4f5e8ddab54a
-
SHA256
e881b128013e2c244a957ae86813864125c36edd24e9c2518beebdcf22aee4b2
-
SHA512
77fec122109fe4c004dd257d412295c9a77aab368a969c8ba9c880fa0ebd2dbf0ed1302ce577c57ba951aeb7370096d0524034dd221ba95fbb56bed3d4c8d1f2
Static task
static1
Behavioral task
behavioral1
Sample
633e3f41ab072d59eb255348209fd3228a8abc3168601c7f95342ef85efdc6b2.exe
Resource
win7v200722
Behavioral task
behavioral2
Sample
633e3f41ab072d59eb255348209fd3228a8abc3168601c7f95342ef85efdc6b2.exe
Resource
win10v200722
Malware Config
Targets
-
Target
633e3f41ab072d59eb255348209fd3228a8abc3168601c7f95342ef85efdc6b2.exe
-
Size
1.2MB
-
MD5
ad90a317e686b1ab9db651c97ee448b2
-
SHA1
5a2e9db7daa14511f8fb4e5a9e93e9721d68e593
-
SHA256
633e3f41ab072d59eb255348209fd3228a8abc3168601c7f95342ef85efdc6b2
-
SHA512
65ebd80b4118d41acc1371ede9a9ee4b37011ed2a03dc7751d3e6d3fc92b9bb6956a442e8c38266bd5c97afdd4d68ebc1657ff2faf35c42e9d28aadf15006353
Score
9/10
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Possible privilege escalation attempt
-
Deletes itself
-
Loads dropped DLL
-
Modifies file permissions
-
Drops file in System32 directory
-
Modifies service
-