General
Target: WinCrypto Ransomware.exe
Size: 4.4MB
Sample: 211213-mp6cgsddh6
MD5: 27786f44811d4832d01246e529b94320
SHA1: b31bd516fe0ca01cd139739867ae2c60054dc328
SHA256: 5c396be42657aecabd75f8be6ac9b3af96fa1243a4a50214b3543617f39d6c5b
SHA512: 1904e09f2a963b725493bb11b9b18f43ffb9e132114bdcd3f05816ee80d50fcca181482bced3fafd739c425b09e6864bec93bbc4ea1365da7ffdb1dc81734dea
Static task: static1
Behavioral task: behavioral1
Sample: WinCrypto Ransomware.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: WinCrypto Ransomware.exe
Resource: win10-en-20211208
Malware Config
Extracted
C:\Users\Admin\Desktop\README WINCRYPTO.txt
Targets
Score: 10/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Adds Run key to start application