General
Target: 7f4dba54da91c99423b5862088da784363c7edc76d63e26d72270cd1fdf6dbec.exe
Size: 14KB
Sample: 210906-ptkyfsecak
MD5: e9b1631a77d5b557acef3be265819134
SHA1: bd7cfbaea73febf51e4b9c838bfe99f023ee8cc3
SHA256: 7f4dba54da91c99423b5862088da784363c7edc76d63e26d72270cd1fdf6dbec
SHA512: 0f2ebb6f8875950027b0a8a0c7e5ef4eb4ef0d9fe7998325e6dc0fb2a8e0bd4c1cfd11c57bb68441bb0dc89175e51c397c61be90122ab2fb50fa68f534f89a63
Static task: static1
Behavioral task: behavioral1
  Sample: 7f4dba54da91c99423b5862088da784363c7edc76d63e26d72270cd1fdf6dbec.exe
  Resource: win7-en
Behavioral task: behavioral2
  Sample: 7f4dba54da91c99423b5862088da784363c7edc76d63e26d72270cd1fdf6dbec.exe
  Resource: win10-en
Malware Config
Extracted from: C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\#Decrypt#.txt
  https://icq.com/windows/
  https://icq.im/zipzipulya
Extracted from: C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\#Decrypt#.txt
  https://icq.com/windows/
  https://icq.im/zipzipulya
Targets
Target: 7f4dba54da91c99423b5862088da784363c7edc76d63e26d72270cd1fdf6dbec.exe
Size: 14KB
MD5: e9b1631a77d5b557acef3be265819134
SHA1: bd7cfbaea73febf51e4b9c838bfe99f023ee8cc3
SHA256: 7f4dba54da91c99423b5862088da784363c7edc76d63e26d72270cd1fdf6dbec
SHA512: 0f2ebb6f8875950027b0a8a0c7e5ef4eb4ef0d9fe7998325e6dc0fb2a8e0bd4c1cfd11c57bb68441bb0dc89175e51c397c61be90122ab2fb50fa68f534f89a63
Score: 10/10
Signatures:
  Registers COM server for autorun
  Executes dropped EXE
  Modifies extensions of user files
    Ransomware generally changes the extension on encrypted files.
  Sets file execution options in registry
  Deletes itself
  Drops startup file
  Loads dropped DLL
  Drops desktop.ini file(s)
  Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.
  Drops file in System32 directory