General
Target
29164d1a928f1ec152d3a3a28111d5baf2178f06b10c99cedaa8049cd3a3247b
Size
53KB
Sample
220211-hwytrscbb6
MD5
056a267f8eff3c33d5c47eb06ed06a2e
SHA1
7d9288457ad639b91508be5e262deb9ace24fca2
SHA256
29164d1a928f1ec152d3a3a28111d5baf2178f06b10c99cedaa8049cd3a3247b
SHA512
d213eb80c372b61796994575eec95b4113a8da21920bee25bfe8b14fc34ca93948a0913f4305bdd254c046f1ea44e38f3638223be5da6ae7860dd6aad79d98ad
Static task
static1
Behavioral task
behavioral1
Sample
29164d1a928f1ec152d3a3a28111d5baf2178f06b10c99cedaa8049cd3a3247b.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
29164d1a928f1ec152d3a3a28111d5baf2178f06b10c99cedaa8049cd3a3247b.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
C:\how_to_back_files.html
Extracted
C:\how_to_back_files.html
Targets
Target
29164d1a928f1ec152d3a3a28111d5baf2178f06b10c99cedaa8049cd3a3247b
Score
10/10
Suspicious use of NtCreateProcessExOtherParentProcess
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Adds Run key to start application
Drops desktop.ini file(s)