General
Target
d35c8035a81539f841afcbc400ba73c66290f97b07881fbb590ea67a82990baa
Size
1.8MB
Sample
211015-xxxenabce5
MD5
afe1317423c7fea2eadb520f15fd1244
SHA1
f66af8f2ac9206b87a4388f59c69ae092502fb7b
SHA256
d35c8035a81539f841afcbc400ba73c66290f97b07881fbb590ea67a82990baa
SHA512
909c2d66091da3f70e225e95ab24497a565cf1f45cb60e4ec511b0b9885456cb15bee8602eee49318f066b851aeddc8e6fff4f36e42a42d1754fd153eb1bd066
Behavioral task
behavioral1
Sample
d35c8035a81539f841afcbc400ba73c66290f97b07881fbb590ea67a82990baa.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
d35c8035a81539f841afcbc400ba73c66290f97b07881fbb590ea67a82990baa.exe
Resource
win10-en-20211014
Malware Config
Extracted
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\HOW-TO-DECRYPT-gn9cj.txt
Extracted
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\HOW-TO-DECRYPT-gn9cj.txt
Targets
Target
d35c8035a81539f841afcbc400ba73c66290f97b07881fbb590ea67a82990baa
Score
10/10
Executes dropped EXE
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Deletes itself
Loads dropped DLL