General
Target: 9bd421c6f7f7d8278036944fcad3e04db408619678acf1b2024ef69d85c3932b
Size: 55KB
Sample: 210412-yf15fpx9g6
MD5: 9e79576cbd90a80fe04a8f4afa7cbece
SHA1: 3d51b94960c3bb966a8a886aacf75cbb6ff98556
SHA256: 9bd421c6f7f7d8278036944fcad3e04db408619678acf1b2024ef69d85c3932b
SHA512: 82f4881b53f8b679ab02fc9f8e711ce105067e6b5283dbec5d97e0e3c93e9fabbce4b94f123f0426ba12b5e45435edc06be19cce798de31d2005a5a53e820017
Static task
static1

Behavioral task
behavioral1
Sample: 9bd421c6f7f7d8278036944fcad3e04db408619678acf1b2024ef69d85c3932b.exe
Resource: win7v20201028

Behavioral task
behavioral2
Sample: 9bd421c6f7f7d8278036944fcad3e04db408619678acf1b2024ef69d85c3932b.exe
Resource: win10v20210410
Malware Config
Extracted: C:\info.hta
antich154@privatemail.com
rikyrank113@protonmail.com

Extracted: C:\Users\Admin\Desktop\info.hta
antich154@privatemail.com
rikyrank113@protonmail.com
Targets
Target: 9bd421c6f7f7d8278036944fcad3e04db408619678acf1b2024ef69d85c3932b
Score: 10/10

- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies boot configuration data using bcdedit
- Modifies Windows Firewall
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Adds Run key to start application
- Drops desktop.ini file(s)