General
-
Target
2fdb9fa88fa2082583d32914c3863521604dd32218c26a0f35e0141ba35408b7.exe
-
Size
464KB
-
Sample
210427-bhweeeknte
-
MD5
fe7bc3cd6512f31d48a58caf3e558fee
-
SHA1
5b2e6e541ea6f47e369291396a5d91564ece2eb8
-
SHA256
2fdb9fa88fa2082583d32914c3863521604dd32218c26a0f35e0141ba35408b7
-
SHA512
26e5d85f46afcf1434ccce85836014a5adf11728a609e79a8d19d2e6da6f84588eb4b650b5b5184b66bd255cb8d4b0a19bbfad65dc7f058928c7e5bc88f1730b
Static task
static1
Behavioral task
behavioral1
Sample
2fdb9fa88fa2082583d32914c3863521604dd32218c26a0f35e0141ba35408b7.exe
Resource
win7v20210408
Malware Config
Targets
-
-
Target
2fdb9fa88fa2082583d32914c3863521604dd32218c26a0f35e0141ba35408b7.exe
-
Size
464KB
-
MD5
fe7bc3cd6512f31d48a58caf3e558fee
-
SHA1
5b2e6e541ea6f47e369291396a5d91564ece2eb8
-
SHA256
2fdb9fa88fa2082583d32914c3863521604dd32218c26a0f35e0141ba35408b7
-
SHA512
26e5d85f46afcf1434ccce85836014a5adf11728a609e79a8d19d2e6da6f84588eb4b650b5b5184b66bd255cb8d4b0a19bbfad65dc7f058928c7e5bc88f1730b
-
CrypVault
Ransomware family which makes encrypted files look like they have been quarantined by AV.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Modifies boot configuration data using bcdedit
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-