General
-
Target
f7d51f78838308cdcd53b9c4f4af65e1.exe
-
Size
1.0MB
-
Sample
210122-kcf4v5jnqs
-
MD5
f7d51f78838308cdcd53b9c4f4af65e1
-
SHA1
cddc4f2499ffb79666db8b8c38d9f2c74b9ab219
-
SHA256
f5758fdd9563e9b445b84a1644d9c37b3ff16903b67e7e05872c068ddd6be0c6
-
SHA512
3134ca19c1c0fe12a769b51909edfcc8da51b927e6414c7305d23280b8778de404759b8a56cd716a4c9fbda3f5e6b44ece160bceaa762011b35a3b40e930ae5e
Static task
static1
Behavioral task
behavioral1
Sample
f7d51f78838308cdcd53b9c4f4af65e1.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
f7d51f78838308cdcd53b9c4f4af65e1.exe
Resource
win10v20201028
Malware Config
Targets
Score
10/10
Suspicious use of NtCreateProcessExOtherParentProcess
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of SetThreadContext
-