General
-
Target
679a0ab66f1ed828eba60cc0f2a7c514eb829b287eeb47dd0b20391cbd0a5a76
-
Size
241KB
-
Sample
220628-tx7nvaagek
-
MD5
e52cc2b7136c572838b8a9e2b021bd5b
-
SHA1
33a4d5d7d28c25b3166a5ee1e6e60054622a575c
-
SHA256
679a0ab66f1ed828eba60cc0f2a7c514eb829b287eeb47dd0b20391cbd0a5a76
-
SHA512
7bb9062269e886ef2767011004f8147a6fb97f5b3c37477b314328fbb2634b9c1d501f86c64c0e0ed88e03c71bdd11a612a4d1c035bfd86796cad66d46aa6f45
Static task
static1
Behavioral task
behavioral1
Sample
679a0ab66f1ed828eba60cc0f2a7c514eb829b287eeb47dd0b20391cbd0a5a76.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
679a0ab66f1ed828eba60cc0f2a7c514eb829b287eeb47dd0b20391cbd0a5a76.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
679a0ab66f1ed828eba60cc0f2a7c514eb829b287eeb47dd0b20391cbd0a5a76
Score
10/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Sets desktop wallpaper using registry
-
Suspicious use of SetThreadContext
-