General
Target: 66.msi
Size: 96KB
Sample: 220523-d9xfmsbfc3
MD5: 5d4e40d1d41c4588fbf7065fa85454e7
SHA1: ca876c335ef0a4d90b456f13cc975c04016a5cc1
SHA256: 4c7314083933a283c87dc28abbed3082040f12e92edac47ff72f8539af6e3ea1
SHA512: 5f86b37bbdd97ec632e0098d5c2ff71c0a23f547a27493d88d5a0cfa0342e45c39fc79ddbb42e4103a08e7e8a71b88412ca45cbb3b1aed615fdbe4c50d647f3c
Static task: static1
Behavioral task: behavioral1
  Sample: 66.msi
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 66.msi
  Resource: win10v2004-20220414-en
Malware Config
Targets
Target: 66.msi
Score: 9/10
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext