General
Target: hjgkdf.exe
Size: 24KB
Sample: 210421-78cl1tdm82
MD5: dbe70b82bd05e88df18ff1685eaa9e99
SHA1: cd3e57c6d265882c07e9c7ab9b13f4dc50f46e2a
SHA256: 4fb6e836e9ce7b0ef9a7b40cb50f82613450180e31c63e117589d3579f656244
SHA512: 6197c0f25aa2c9fe22b2b9e2e31e1e164a72fbb34c69b7a6b115b77ec5e39e91d0d04921487c1261b0999090269e999b2d9e3fe80a25a0a60bd0fc99acefc09e
Static task: static1
Behavioral task: behavioral1
Sample: hjgkdf.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: hjgkdf.exe
Resource: win10v20210410
Malware Config
Targets
Target: hjgkdf.exe
Score: 10/10
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Adds Run key to start application
Drops desktop.ini file(s)