General
-
Target
97cb4bf23ebc72c97f8216182eb44f9bd45f3f7fff0d1ef9c573e7df79956ddb.sample
-
Size
192KB
-
Sample
210726-386gy5xqax
-
MD5
eb5d46bf72a013bfc7c018169eb1739b
-
SHA1
f55680a34521ef07c2b8dedd1b74a9927990485a
-
SHA256
97cb4bf23ebc72c97f8216182eb44f9bd45f3f7fff0d1ef9c573e7df79956ddb
-
SHA512
b3e2d512c95913fe0ea1732f1e0bea2e849eb2ef98046380b01c76e6ec38a2ad5c00dcb66f90ad1f9d9c3ab97b81cd92318bdbfc84e2d408ed577902511b0c54
Static task
static1
Behavioral task
behavioral1
Sample
97cb4bf23ebc72c97f8216182eb44f9bd45f3f7fff0d1ef9c573e7df79956ddb.sample.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
97cb4bf23ebc72c97f8216182eb44f9bd45f3f7fff0d1ef9c573e7df79956ddb.sample.exe
Resource
win10v20210408
Malware Config
Extracted
\??\c:\users\admin\desktop\info.txt
Extracted
C:\Users\Admin\Desktop\info.hta
Targets
-
-
Target
97cb4bf23ebc72c97f8216182eb44f9bd45f3f7fff0d1ef9c573e7df79956ddb.sample
-
Size
192KB
-
MD5
eb5d46bf72a013bfc7c018169eb1739b
-
SHA1
f55680a34521ef07c2b8dedd1b74a9927990485a
-
SHA256
97cb4bf23ebc72c97f8216182eb44f9bd45f3f7fff0d1ef9c573e7df79956ddb
-
SHA512
b3e2d512c95913fe0ea1732f1e0bea2e849eb2ef98046380b01c76e6ec38a2ad5c00dcb66f90ad1f9d9c3ab97b81cd92318bdbfc84e2d408ed577902511b0c54
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Modifies Windows Firewall
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-