2b873b527a7c4095247febb6ccbe32eca19a5adbe563c76606ab16814dd3975b

Analysis

Target

sample.exe
Size

123KB
MD5

fb603212ae67789de5ce5f41a6d0705e
SHA1

1ff8e880a61c4b932b8f52e8353a5310152ba160
SHA256

3ccc016464e41de7be959c3b00bda1296eee1c50a2897e05c1abbc9034b23027
SHA512

45ebd60fe2801b60e061a2eaf58e016f1f966a688b2fc205e097cc67824e3c259d3271e78f644ab81671ff381ed8aec125499bc071ab3657b08ef36e55b849eb

Score

8^/10

ransomware

Modifies extensions of user files 4 IoCs

Ransomware generally changes the extension on encrypted files.

description	ioc	Process
File created	C:\Users\Admin\Pictures\UninstallSet.tiff.locked	sample.exe
File opened for modification	C:\Users\Admin\Pictures\UninstallSet.tiff	sample.exe
File created	C:\Users\Admin\Pictures\UpdateResolve.crw.locked	sample.exe
File created	C:\Users\Admin\Pictures\MergeConvertTo.png.locked	sample.exe

Drops desktop.ini file(s) 5 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	sample.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	sample.exe
File opened for modification	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	sample.exe
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	sample.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	sample.exe

memory/496-2-0x0000000073360000-0x0000000073A4E000-memory.dmp

Filesize
6.9MB

Download
memory/496-3-0x0000000000C70000-0x0000000000C71000-memory.dmp

Filesize
4KB

Download
memory/496-5-0x0000000005BE0000-0x0000000005BE1000-memory.dmp

Filesize
4KB

Download
memory/496-6-0x0000000005600000-0x0000000005601000-memory.dmp

Filesize
4KB

Download
memory/496-7-0x00000000056A0000-0x00000000056A1000-memory.dmp

Filesize
4KB

Download
memory/496-8-0x0000000005810000-0x0000000005811000-memory.dmp

Filesize
4KB

Download
memory/496-9-0x0000000005813000-0x0000000005815000-memory.dmp

Filesize
8KB

Download