General
-
Target
microsoft-service.file
-
Size
8.7MB
-
Sample
211025-srr6jagcg9
-
MD5
ea68e41df9270259b9132fb4939ccb9f
-
SHA1
317f2b5d2a7ed69abb121f9a59502a5dd9d8c00e
-
SHA256
314302e1fee3d78fa6c3ce096ed2f87fb87124255eee67b42d422c6525680abd
-
SHA512
7f2659935956d93869ae373e1283a09b59a9ba6911332a84635ea330ab983a1a539c345bc621de009e7cd70a8a28a97835609e740e69ada56ca995427873469b
Static task
static1
Behavioral task
behavioral1
Sample
microsoft-service.file.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
microsoft-service.file.exe
Resource
win10-en-20210920
Malware Config
Extracted
C:\Users\Admin\Desktop\README.txt
johnpeter27@protonmail.com
3MHWyofVSoTCUywa4fRnnrhobtijRL6aSQ
Targets
-
-
Target
microsoft-service.file
-
Size
8.7MB
-
MD5
ea68e41df9270259b9132fb4939ccb9f
-
SHA1
317f2b5d2a7ed69abb121f9a59502a5dd9d8c00e
-
SHA256
314302e1fee3d78fa6c3ce096ed2f87fb87124255eee67b42d422c6525680abd
-
SHA512
7f2659935956d93869ae373e1283a09b59a9ba6911332a84635ea330ab983a1a539c345bc621de009e7cd70a8a28a97835609e740e69ada56ca995427873469b
Score10/10-
Loads dropped DLL
-
Generic Ransomware Note
Ransomware often writes a note containing information on how to pay the ransom.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-