General
Target
64CO.exe
Size
1.2MB
Sample
210723-j43f2gxm8j
MD5
a80b79de02d6881d5e54afcefa38298a
SHA1
e0d3e2612a757ff5be818b114028a0e4bb562bc5
SHA256
033b4950a8f249b20eb86ec6f8f2ea0a1567bb164289d1aa7fb0ba51f9bbe46c
SHA512
1fbe52a0086a33a98e48f501c669f3a9e82b5795550702eb61ccc281c77ba29fe217a5897b6caf55582ca1c16d062a2d3219a596d4372c70782bc49499e0ed4f
Static task
static1
Behavioral task
behavioral1
Sample
64CO.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
64CO.exe
Resource
win10v20210408
Malware Config
Targets
Target
64CO.exe
Score
9/10

Modifies boot configuration data using bcdedit

Drops file in Drivers directory

Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Deletes itself

Adds Run key to start application

Drops desktop.ini file(s)

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Drops file in System32 directory