General
-
Target
e7969800b4ea77a3719a6ba3127bd561a439323d75f6d61e22e5c64b316768c7
-
Size
1.6MB
-
Sample
211005-nqgwysaaap
-
MD5
520d488564da102f5482fcfdcdbd266a
-
SHA1
45deee8360e5af17ca04f4bc0fd2c52ae92eb9f0
-
SHA256
e7969800b4ea77a3719a6ba3127bd561a439323d75f6d61e22e5c64b316768c7
-
SHA512
e2c4f46dcf40b8f03bc9fbe0f0cecf933d2825788b0e9f270e7e7ae8a60174d1b7fc778870aa7ce7ba5cb464f28cc5842d043fc93535921749d186e414f51906
Static task
static1
Behavioral task
behavioral1
Sample
e7969800b4ea77a3719a6ba3127bd561a439323d75f6d61e22e5c64b316768c7.exe
Resource
win7-ja-20210920
Behavioral task
behavioral2
Sample
e7969800b4ea77a3719a6ba3127bd561a439323d75f6d61e22e5c64b316768c7.exe
Resource
win7v20210408
Behavioral task
behavioral3
Sample
e7969800b4ea77a3719a6ba3127bd561a439323d75f6d61e22e5c64b316768c7.exe
Resource
win7-de-20210920
Behavioral task
behavioral4
Sample
e7969800b4ea77a3719a6ba3127bd561a439323d75f6d61e22e5c64b316768c7.exe
Resource
win11
Behavioral task
behavioral5
Sample
e7969800b4ea77a3719a6ba3127bd561a439323d75f6d61e22e5c64b316768c7.exe
Resource
win10v20210408
Behavioral task
behavioral6
Sample
e7969800b4ea77a3719a6ba3127bd561a439323d75f6d61e22e5c64b316768c7.exe
Resource
win10-ja-20210920
Behavioral task
behavioral7
Sample
e7969800b4ea77a3719a6ba3127bd561a439323d75f6d61e22e5c64b316768c7.exe
Resource
win10-en-20210920
Behavioral task
behavioral8
Sample
e7969800b4ea77a3719a6ba3127bd561a439323d75f6d61e22e5c64b316768c7.exe
Resource
win10-de-20210920
Malware Config
Extracted
C:\readme.txt
conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.click
Targets
-
-
Target
e7969800b4ea77a3719a6ba3127bd561a439323d75f6d61e22e5c64b316768c7
-
Size
1.6MB
-
MD5
520d488564da102f5482fcfdcdbd266a
-
SHA1
45deee8360e5af17ca04f4bc0fd2c52ae92eb9f0
-
SHA256
e7969800b4ea77a3719a6ba3127bd561a439323d75f6d61e22e5c64b316768c7
-
SHA512
e2c4f46dcf40b8f03bc9fbe0f0cecf933d2825788b0e9f270e7e7ae8a60174d1b7fc778870aa7ce7ba5cb464f28cc5842d043fc93535921749d186e414f51906
Score
10/10
-
Registers COM server for autorun
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-