General
-
Target
1.exe
-
Size
1.3MB
-
Sample
210313-cvpsqgkvpa
-
MD5
9f05994819a3d8c1a3769352c7c39d1d
-
SHA1
eb2457196e04dfdd54f70bd32ed02ae854d45bc0
-
SHA256
10bce0ff6597f347c3cca8363b7c81a8bff52d2ff81245cd1e66a6e11aeb25da
-
SHA512
32cac848f47a0096773435c6365fcbd6bdb02115aae2677aec5a86031b6def938033210fdcf0e12f735aa5ceb8cd4be5f7edb5cdc437bbca61f0d79196ec9be8
Static task
static1
Behavioral task
behavioral1
Sample
1.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
1.exe
Resource
win10v20201028
Malware Config
Extracted
C:\PROGRAM FILES\WINDOWS SIDEBAR\GADGETS\SLIDESHOW.GADGET\IMAGES\ON_DESKTOP\readme.txt
dearcry
Targets
-
-
Target
1.exe
-
Size
1.3MB
-
MD5
9f05994819a3d8c1a3769352c7c39d1d
-
SHA1
eb2457196e04dfdd54f70bd32ed02ae854d45bc0
-
SHA256
10bce0ff6597f347c3cca8363b7c81a8bff52d2ff81245cd1e66a6e11aeb25da
-
SHA512
32cac848f47a0096773435c6365fcbd6bdb02115aae2677aec5a86031b6def938033210fdcf0e12f735aa5ceb8cd4be5f7edb5cdc437bbca61f0d79196ec9be8
Score10/10-
Modifies Installed Components in the registry
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-