General
Target: DC.exe
Size: 1.3MB
Sample: 210316-t5pavcde6j
MD5: a7e571312e05d547936aab18f0b30fbf
SHA1: e0d643e759b2adf736b451aff9afa92811ab8a99
SHA256: 027119161d11ba87acc908a1d284b93a6bcafccc012e52ce390ecb9cd745bf27
SHA512: 20e8af2770aa1be935f7d1b74d6db6f9aeb5aebab016ac6c2e58e60b1b5c9029726fda7b75ed003bf4a1a5a480024231c6a90f5a3d812bf2438dc2c540a49f88
Static task: static1
Behavioral task: behavioral1
Sample: DC.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: DC.exe
Resource: win10v20201028
Malware Config
Extracted
C:\PROGRAM FILES\WINDOWS SIDEBAR\GADGETS\SLIDESHOW.GADGET\IMAGES\ON_DESKTOP\readme.txt
dearcry
Targets
Target
DC.exe
Score: 10/10
Modifies Installed Components in the registry
Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
Drops desktop.ini file(s)
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.