General
Target
384d9c5897a5db25b373a0bd0841929a13683c9f374c81b493e7bec0a520aa6f
Size
53KB
Sample
220211-hvjcpadgfk
MD5
354f1e5bbdc592c7f96280c9424dd886
SHA1
0b0653212a402c5d885ef38b596ac64a617e1161
SHA256
384d9c5897a5db25b373a0bd0841929a13683c9f374c81b493e7bec0a520aa6f
SHA512
e4f309fc1893a9f03c901161c6faaa189ba63eda287f8b2d5803016569375ba8f8abe7ad22d71464ad4fe471b95ab793687e6989c8fbdddb737222c7499f5940
Static task
static1
Behavioral task
behavioral1
Sample
384d9c5897a5db25b373a0bd0841929a13683c9f374c81b493e7bec0a520aa6f.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
384d9c5897a5db25b373a0bd0841929a13683c9f374c81b493e7bec0a520aa6f.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
C:\how_to_back_files.html
Targets
Target
384d9c5897a5db25b373a0bd0841929a13683c9f374c81b493e7bec0a520aa6f
Score
10/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Adds Run key to start application
Drops desktop.ini file(s)