General
Target
6d591daed58446c6cd8b6a324b9f57c440d2780e0dc7ff94b5d532bc9dd8a75b
Size
53KB
Sample
220211-hlmczsdfer
MD5
0395ef8c8a5c3d27ac728a8dda4bbe47
SHA1
aff10dbe0281374c05a355fdd18075186edf8e87
SHA256
6d591daed58446c6cd8b6a324b9f57c440d2780e0dc7ff94b5d532bc9dd8a75b
SHA512
e49a9d1e8c325ccea5e64174a5f7080e983633fc9dba3781f9582b3cb646761744f8befa504bc9ea17d65142626270533298dc6bc48da809ae8142d66daca992
Static task
static1
Behavioral task
behavioral1
Sample
6d591daed58446c6cd8b6a324b9f57c440d2780e0dc7ff94b5d532bc9dd8a75b.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
6d591daed58446c6cd8b6a324b9f57c440d2780e0dc7ff94b5d532bc9dd8a75b.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
C:\how_to_back_files.html
Targets
Target
6d591daed58446c6cd8b6a324b9f57c440d2780e0dc7ff94b5d532bc9dd8a75b
Score
10/10
Suspicious use of NtCreateProcessExOtherParentProcess
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Adds Run key to start application
Drops desktop.ini file(s)