Overview

overview

9

Static

static

ewin.exe

windows7_x64

9

ewin.exe

windows10-2004_x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ewin.exe

  • Size

    79KB

  • Sample

    220628-m63mxsagf5

  • MD5

    b1506fec2b3988ff33fb5e6c5076439d

  • SHA1

    295b9010c3eb13496b3a1379e73c5d2317c2134d

  • SHA256

    3a64d8f4f91013a46b8114092a5d691a93a9e559be43f9f7b4ceb3bd6a1a1876

  • SHA512

    104d342628253247aff4edbc9b3d801c69d89de9f16045055575d8ddf5b80a15e9a3bfcfaec5667035a30c5809eca57286be748c3d775fc4dc1be51c39642323

Score
9/10
ransomware

Malware Config

Targets

    • Target

      ewin.exe

    • Size

      79KB

    • MD5

      b1506fec2b3988ff33fb5e6c5076439d

    • SHA1

      295b9010c3eb13496b3a1379e73c5d2317c2134d

    • SHA256

      3a64d8f4f91013a46b8114092a5d691a93a9e559be43f9f7b4ceb3bd6a1a1876

    • SHA512

      104d342628253247aff4edbc9b3d801c69d89de9f16045055575d8ddf5b80a15e9a3bfcfaec5667035a30c5809eca57286be748c3d775fc4dc1be51c39642323

    Score
    9/10
    ransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks