General
-
Target
feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede.sample
-
Size
1.3MB
-
Sample
210726-7gswb4lxj6
-
MD5
c6eeb14485d93f4e30fb79f3a57518fc
-
SHA1
b7d99521348d319f57d2b2ba7045295fc99cf6a7
-
SHA256
feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede
-
SHA512
1cf95db6bb1b4b047ae91711c5f14c618c19ddee2465df44905e082a59c53d3aeee0e69e9aaf562ba117015e2e84ccfaed6b94d863dc6c153ba4ac8a17264ee5
Static task
static1
Behavioral task
behavioral1
Sample
feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede.sample.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede.sample.exe
Resource
win10v20210410
Malware Config
Extracted
C:\PROGRAM FILES\WINDOWS SIDEBAR\GADGETS\SLIDESHOW.GADGET\IMAGES\ON_DESKTOP\readme.txt
dearcry
Targets
-
-
Target
feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede.sample
-
Size
1.3MB
-
MD5
c6eeb14485d93f4e30fb79f3a57518fc
-
SHA1
b7d99521348d319f57d2b2ba7045295fc99cf6a7
-
SHA256
feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede
-
SHA512
1cf95db6bb1b4b047ae91711c5f14c618c19ddee2465df44905e082a59c53d3aeee0e69e9aaf562ba117015e2e84ccfaed6b94d863dc6c153ba4ac8a17264ee5
Score10/10-
Modifies Installed Components in the registry
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-