Analysis

  • max time kernel
    97s
  • max time network
    11s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    22/11/2020, 14:48

General

  • Target

    e7c277aae66085f1e0c4789fe51cac50e3ea86d79c8a242ffc066ed0b0548037.exe

  • Size

    532KB

  • MD5

    76f547c793b5478b970c64caf04d01d4

  • SHA1

    f9eb40f6d3d4c83852e3781886db762bef8564e0

  • SHA256

    e7c277aae66085f1e0c4789fe51cac50e3ea86d79c8a242ffc066ed0b0548037

  • SHA512

    91e91a8b693cb253f281411260611a221a113b342eaa642a9d6597aaf86c138ee2aa28ade10218a814ae34016e6d70824e36786497476ab704defddf60e33e17

Malware Config

Signatures

  • MountLocker Ransomware

    Ransomware family, first seen in late 2020, that threatens to leak files if the ransom is not paid.

  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

  • Modifies extensions of user files 10 IoCs

    Ransomware generally changes the extension on encrypted files.

  • Deletes itself 1 IoCs
  • Drops desktop.ini file(s) 29 IoCs
  • Modifies service 2 TTPs 4 IoCs
  • Drops file in Program Files directory 9143 IoCs