Resubmissions
12/02/2022, 08:00  220212-jwe74ahgh6  8
12/01/2022, 18:56  220112-xlrd9sdfhm  8
12/01/2022, 06:29  220112-g9cm1sbdg5  6

Analysis
Max time kernel: 147s
Max time network: 123s
Platform: windows10_x64
Resource: win10-en-20211208
Submitted: 12/01/2022, 18:56
Static task: static1

Behavioral task: behavioral1
  Sample: WindowsFormsApp1.exe
  Resource: win7-en-20211208
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample: WindowsFormsApp1.exe
  Resource: win10-en-20211208
  0 signatures, 0 seconds
General
Target: WindowsFormsApp1.exe
Size: 117KB
MD5: e7138eb2f838114591d0917050710bff
SHA1: 55f4b508ed4ed8e6650057b7a7538fda9dbdf2e7
SHA256: bb0bca92cc74cac6b770649c5e70b0f4fd177de58fcfc7c719223485624dc28b
SHA512: 09a05490a40a05e1df42022742512a417c1a6970c06f32e445fb4aa12a123ea72f7cb2ed4da1ac1365229114c18578ae3e4baecbd653f81b77cf750a86554cc2
Score: 8/10
Malware Config
Signatures
Modifies extensions of user files (2 IoCs)
Ransomware generally changes the extension on encrypted files.
  File opened for modification: C:\Users\Admin\Pictures\AssertStop.tiff (process: WindowsFormsApp1.exe)
  File opened for modification: C:\Users\Admin\Pictures\CompareAdd.tiff (process: WindowsFormsApp1.exe)

Drops desktop.ini file(s) (5 IoCs)
  File opened for modification: C:\Users\Admin\Desktop\desktop.ini (process: WindowsFormsApp1.exe)
  File opened for modification: C:\Users\Admin\Pictures\desktop.ini (process: WindowsFormsApp1.exe)
  File opened for modification: C:\Users\Admin\Pictures\Camera Roll\desktop.ini (process: WindowsFormsApp1.exe)
  File opened for modification: C:\Users\Admin\Pictures\Saved Pictures\desktop.ini (process: WindowsFormsApp1.exe)
  File opened for modification: C:\Users\Admin\Documents\desktop.ini (process: WindowsFormsApp1.exe)
Processes
C:\Users\Admin\AppData\Local\Temp\WindowsFormsApp1.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\WindowsFormsApp1.exe"
  Modifies extensions of user files
  Drops desktop.ini file(s)
  PID: 3788

C:\Windows\system32\NOTEPAD.EXE
  Command line: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_#ODZYSKAJ_PLIKI--.JEBAĆ_BYDGOSZCZ!!!.txt
  PID: 1296

C:\Windows\system32\NOTEPAD.EXE
  Command line: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_#ODZYSKAJ_PLIKI--.JEBAĆ_BYDGOSZCZ!!!.txt
  PID: 3796