General
Target: vkgen_updatepackage.exe
Size: 6.3MB
Sample: 210125-wkldfcyyds
MD5: 1fc199037d6e817b653150e4968d8abe
SHA1: a75ab30f801b0fbc5263e6492780e752c41fdf35
SHA256: 72bf432b0b9e05ee2004b814e9613bfdd9e63631d329b0d569243521cf909189
SHA512: ddc42e692938b1e4ce4079cb24bb4df2e9c5a6cae6cd8713aad747667cbbb70a52386bc0742f598274426c09785b7a468e874ee257fe94a845e3afddd62d64f3
Static task: static1
Behavioral task: behavioral1
Sample: vkgen_updatepackage.exe
Resource: win10v20201028
Malware Config
Targets
Target: vkgen_updatepackage.exe
Score: 10/10
Suspicious use of NtCreateProcessExOtherParentProcess
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.