General

Target: 4d5220a88b195e3ccdc40ba1c99d5d84d06dacc0720070a72aa34c9895939a25.sample
Size: 57KB
Sample: 210726-fg2nmqxxae
MD5: bb7a86c4e8499007ce55844f9d23d21c
SHA1: e338fee9543b71edce9e759ee4320671f53c7116
SHA256: 4d5220a88b195e3ccdc40ba1c99d5d84d06dacc0720070a72aa34c9895939a25
SHA512: eba28241fdaec937773cd36bb1e02370cb99beed0c0c54398e8e89cbfb1ffc9bd1dc701ac7bcb7a7fc5368cf4e99cb78ca0d5726a243338fc609acf8a461a349
Static task: static1

Behavioral task: behavioral1
Sample: 4d5220a88b195e3ccdc40ba1c99d5d84d06dacc0720070a72aa34c9895939a25.sample.exe
Resource: win7v20210408

Behavioral task: behavioral2
Sample: 4d5220a88b195e3ccdc40ba1c99d5d84d06dacc0720070a72aa34c9895939a25.sample.exe
Resource: win10v20210410
Malware Config

Extracted:
Path: C:\users\public\desktop\info.hta
Contacts: natashaoversbyober@aol.com, cinderella_field@aol.com, helpdecrypt@jabbim.cz
URL: https://pidgin.im/download/windows/

An info.hta on the public desktop, two e-mail addresses plus a Jabber address (jabbim.cz is an XMPP service) and a link to the Pidgin XMPP client download page is the layout of a ransom note, so all three addresses and the URL should be handled as actor contact IOCs. The pidgin.im URL itself is a legitimate site and is not worth blocking on its own; the value is in correlating any host that fetches it after the sample ran.
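Before acting on the extracted config, a responder will usually want to pull the contacts out of the actual note and confirm the file on disk is the one this report describes. The following is an added example, not code from the sandbox or its config extractor: SAMPLE_HTA is a constructed stand-in for C:\users\public\desktop\info.hta (the real note body is not on the page), and only the three addresses, the URL and the hashes come from the report.

```python
"""Extract contact IOCs from a ransom-note HTA and verify the sample's hashes.

Added example, not part of the sandbox report or its extractor. SAMPLE_HTA is a
constructed stand-in for C:\\users\\public\\desktop\\info.hta; only the three
addresses, the URL and the hashes below come from the report.
"""
import hashlib
import html
import re

# Constructed note body. The '&#64;' entity mimics the light obfuscation some
# notes use to defeat a naive grep for '@'.
SAMPLE_HTA = """<html><head><title>info</title></head><body>
<h1>All your files have been encrypted!</h1>
<p>Write to e-mail: <b>natashaoversbyober@aol.com</b><br>
Reserve e-mail: <b>cinderella_field@aol.com</b></p>
<p>Or contact us via Jabber: helpdecrypt&#64;jabbim.cz<br>
Jabber client: <a href="https://pidgin.im/download/windows/">https://pidgin.im/download/windows/</a></p>
<script language="VBScript">msgbox "Your files are encrypted!"</script>
</body></html>"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
TAG_RE = re.compile(r"<[^>]+>")

# Hashes copied from the report; used to confirm a file on disk is this sample
# before anyone acts on the IOCs above.
REPORT_HASHES = {
    "md5": "bb7a86c4e8499007ce55844f9d23d21c",
    "sha1": "e338fee9543b71edce9e759ee4320671f53c7116",
    "sha256": "4d5220a88b195e3ccdc40ba1c99d5d84d06dacc0720070a72aa34c9895939a25",
}


def extract_iocs(hta_text: str) -> dict:
    """Return sorted, de-duplicated contact addresses and URLs from an HTA body."""
    # Decode entities first so '&#64;' becomes '@' and the address regex can see it.
    text = html.unescape(hta_text)
    urls = sorted(set(URL_RE.findall(text)))
    # Strip tags before the address pass so attribute values do not pollute matches.
    plain = TAG_RE.sub(" ", text)
    addresses = sorted(set(EMAIL_RE.findall(plain)))
    return {"addresses": addresses, "urls": urls}


def contact_domains(iocs: dict) -> list:
    """Domains to watch for outbound mail/XMPP to the actor (aol.com is shared, so alert, do not block)."""
    return sorted({addr.rsplit("@", 1)[1].lower() for addr in iocs["addresses"]})


def matches_report(data: bytes) -> bool:
    """True only when every hash in the report matches the supplied bytes."""
    return all(hashlib.new(alg, data).hexdigest() == digest
               for alg, digest in REPORT_HASHES.items())


if __name__ == "__main__":
    found = extract_iocs(SAMPLE_HTA)
    print(found)
    print(contact_domains(found))
```

Run it against the real info.hta by reading the file into extract_iocs; the tag stripping and entity decoding are what make the Jabber address show up alongside the two e-mail addresses.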
Targets

Target: 4d5220a88b195e3ccdc40ba1c99d5d84d06dacc0720070a72aa34c9895939a25.sample
Size: 57KB
MD5, SHA1, SHA256, SHA512: as listed under General
Score: 10/10

Signatures:
- Suspicious use of NtCreateUserProcessOtherParentProcess
  A process was created with an explicit parent-process attribute, so it is parented to a process other than the caller (the parent-PID spoofing pattern). Expect the parent shown in process-tree views to be misleading.
- Modifies boot configuration data using bcdedit
  Ransomware commonly runs bcdedit to turn off automatic startup repair and recovery before encrypting; the report lists the signature only, not the command line.
- Modifies Windows Firewall
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Adds Run key to start application
  Persistence, alongside the startup file above; the dropped file and the Run value are the artifacts to collect for cleanup.
- Drops desktop.ini file(s)
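The report gives signature names but not the events behind them. The following added example, not the sandbox's own signature engine, re-implements each listed signature as a check over a constructed, Sysmon-like event trace so that a practitioner can see what each one keys on. The command lines, paths, PIDs, rename threshold and score weights are assumptions chosen for the demo; only the signature names come from the report.

```python
"""Re-implement the report's behavioral signatures as checks over an event trace.

Added example, not the sandbox's own signature engine. TRACE is a constructed,
Sysmon-like record set: the report lists signature names only, so the command
lines, paths, PIDs, threshold and weights here are assumptions.
"""
import re

SIG_PARENT = "Suspicious use of NtCreateUserProcessOtherParentProcess"
SIG_BCDEDIT = "Modifies boot configuration data using bcdedit"
SIG_FIREWALL = "Modifies Windows Firewall"
SIG_EXTENSIONS = "Modifies extensions of user files"
SIG_STARTUP = "Drops startup file"
SIG_RUNKEY = "Adds Run key to start application"
SIG_DESKTOP_INI = "Drops desktop.ini file(s)"

# Illustrative weights; the report's single 0-10 score is treated as the max.
WEIGHTS = {SIG_PARENT: 6, SIG_BCDEDIT: 9, SIG_FIREWALL: 6, SIG_EXTENSIONS: 10,
           SIG_STARTUP: 5, SIG_RUNKEY: 5, SIG_DESKTOP_INI: 3}
RENAME_THRESHOLD = 10  # assumed: user-file renames before calling it mass encryption

BCDEDIT_RE = re.compile(r"\bbcdedit\b.*\b(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)\b", re.I)
FIREWALL_RE = re.compile(r"\bnetsh\b.*(advfirewall\s+set\s+\w+\s+state\s+off|firewall\s+set\s+opmode\s+(mode=)?disable)", re.I)
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
USER_DIR_RE = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\", re.I)

# Constructed trace (typical values, not what this sample actually ran).
TRACE = [
    {"kind": "api", "api": "NtCreateUserProcess", "pid": 1200, "parent_attr_pid": 3000},
    {"kind": "process", "pid": 1300, "cmdline": "bcdedit /set {default} recoveryenabled no"},
    {"kind": "process", "pid": 1301, "cmdline": "bcdedit /set {default} bootstatuspolicy ignoreallfailures"},
    {"kind": "process", "pid": 1302, "cmdline": "netsh advfirewall set allprofiles state off"},
    {"kind": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "name": "upd", "data": r"C:\Users\alice\AppData\Roaming\upd.exe"},
    {"kind": "file", "op": "create",
     "path": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.exe"},
    {"kind": "file", "op": "create", "path": r"C:\Users\alice\Documents\desktop.ini"},
    {"kind": "file", "op": "create", "path": r"C:\Users\alice\Pictures\desktop.ini"},
] + [
    {"kind": "file", "op": "rename", "src": rf"C:\Users\alice\Documents\doc{i}.docx",
     "dst": rf"C:\Users\alice\Documents\doc{i}.docx.locked"} for i in range(12)
]


def evaluate(trace):
    """Return (sorted names of signatures that fired, overall score)."""
    fired, renames = set(), 0
    for ev in trace:
        kind = ev["kind"]
        if kind == "api" and ev.get("api") == "NtCreateUserProcess":
            # PROC_THREAD_ATTRIBUTE_PARENT_PROCESS naming a process other than the
            # caller: the child will appear under a parent that never started it.
            parent = ev.get("parent_attr_pid")
            if parent is not None and parent != ev["pid"]:
                fired.add(SIG_PARENT)
        elif kind == "process":
            if BCDEDIT_RE.search(ev["cmdline"]):
                fired.add(SIG_BCDEDIT)
            if FIREWALL_RE.search(ev["cmdline"]):
                fired.add(SIG_FIREWALL)
        elif kind == "registry" and RUN_KEY_RE.search(ev["key"]):
            fired.add(SIG_RUNKEY)
        elif kind == "file" and ev["op"] == "create":
            if STARTUP_RE.search(ev["path"]):
                fired.add(SIG_STARTUP)
            if ev["path"].lower().endswith("\\desktop.ini"):
                fired.add(SIG_DESKTOP_INI)
        elif kind == "file" and ev["op"] == "rename":
            src, dst = ev["src"].lower(), ev["dst"].lower()
            # Original name kept as a prefix with something appended = new extension.
            if USER_DIR_RE.match(src) and dst.startswith(src) and len(dst) > len(src):
                renames += 1
    if renames >= RENAME_THRESHOLD:
        fired.add(SIG_EXTENSIONS)
    score = max((WEIGHTS[s] for s in fired), default=0)
    return sorted(fired), score


if __name__ == "__main__":
    names, score = evaluate(TRACE)
    print(f"score {score}/10")
    for name in names:
        print(" -", name)
```

The parent-PID check is the one worth copying into real telemetry: a Sysmon process-creation event will show the spoofed parent, so the only reliable place to catch it is the API trace (or an ETW/EDR hook) where the attribute list of the NtCreateUserProcess call is visible.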