General

- Target: dsfdc.exe
- Size: 585KB
- Sample: 210901-tamenmezzj
- MD5: 6c94dc3785a5fac466c95f2f6eea1cf6
- SHA1: eb2057013b1f9ce6b9cb36ef90a6bcf798aa7c49
- SHA256: 9e86f9060857e46f9f0f3b361110d85737330ef3dac78b9ba8f39b857f854c7d
- SHA512: 97e235c1a9e72cb375bdd13fa2a95f0f10993b3bc333ea0c356b94bfa2ed5eadb96d36dcf40b2712eb82f729f4172317bee97b0e524d4ddf418829a491c520cb
Static task: static1

Behavioral task: behavioral1
- Sample: dsfdc.exe
- Resource: win7v20210410

Behavioral task: behavioral2
- Sample: dsfdc.exe
- Resource: win10v20210408
Malware Config

Extracted: C:\readme.txt
- conti
- http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
- https://contirecovery.top
Targets

- Target: dsfdc.exe
- Size: 585KB
- MD5: 6c94dc3785a5fac466c95f2f6eea1cf6
- SHA1: eb2057013b1f9ce6b9cb36ef90a6bcf798aa7c49
- SHA256: 9e86f9060857e46f9f0f3b361110d85737330ef3dac78b9ba8f39b857f854c7d
- SHA512: 97e235c1a9e72cb375bdd13fa2a95f0f10993b3bc333ea0c356b94bfa2ed5eadb96d36dcf40b2712eb82f729f4172317bee97b0e524d4ddf418829a491c520cb
Score: 10/10

- Suspicious use of NtCreateProcessExOtherParentProcess
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Drops desktop.ini file(s)