General
Target: b074d2b28a5311251063a68f00846f306df64635e9e32889117bd436d83af1ba
Size: 460KB
Sample: 220523-wkkpnadbbk
MD5: 01cab213e1d515243a455f0eeb716c97
SHA1: da03f61eaa0989fcf12b9e48ff0bf03f501180eb
SHA256: b074d2b28a5311251063a68f00846f306df64635e9e32889117bd436d83af1ba
SHA512: 97197a6d4d96d9102edf62951a6277df1ec0b1eb8e907755dab655f9f3d47018282d3696c2866d53e13e83254d18f6006a94700ed74d273da4bb1f6c7c1fd024

Static task: static1

Behavioral task: behavioral1
Sample: b074d2b28a5311251063a68f00846f306df64635e9e32889117bd436d83af1ba.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: b074d2b28a5311251063a68f00846f306df64635e9e32889117bd436d83af1ba.exe
Resource: win10v2004-20220414-en

Malware Config
Targets
Target: b074d2b28a5311251063a68f00846f306df64635e9e32889117bd436d83af1ba
Score: 10/10

Modifies visibility of file extensions in Explorer

Executes dropped EXE

Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Loads dropped DLL

Adds Run key to start application

Drops file in System32 directory