General
-
Target
9385c94181cda268839695c6b7adf6afd3218a44be5e31fa11eac8cee54f6db9
-
Size
21KB
-
Sample
221107-wpfw9sddhn
-
MD5
ef8fe9e54b324a7b8c52dd55970c3eee
-
SHA1
08c2d71489f6e203d9281904e933a797d5822463
-
SHA256
9385c94181cda268839695c6b7adf6afd3218a44be5e31fa11eac8cee54f6db9
-
SHA512
a0ed1ff57f275c58626de37a1709957d46e4199bd113e98b405026456d45af8bc658724d185a88614a6cd5fa3092e32ae89a9400de6ca6a4713cdbb90ea21132
-
SSDEEP
384:7rwgu4oJuTJj+XZ9Y9qkyUI07jn6qq9fUaIfqfxWkqxrF6ZlvH38R0V:HaJU+Je9Lwjn9fU7q55AQDHr
Malware Config
Targets
-
-
Target
9385c94181cda268839695c6b7adf6afd3218a44be5e31fa11eac8cee54f6db9
-
Size
21KB
-
MD5
ef8fe9e54b324a7b8c52dd55970c3eee
-
SHA1
08c2d71489f6e203d9281904e933a797d5822463
-
SHA256
9385c94181cda268839695c6b7adf6afd3218a44be5e31fa11eac8cee54f6db9
-
SHA512
a0ed1ff57f275c58626de37a1709957d46e4199bd113e98b405026456d45af8bc658724d185a88614a6cd5fa3092e32ae89a9400de6ca6a4713cdbb90ea21132
-
SSDEEP
384:7rwgu4oJuTJj+XZ9Y9qkyUI07jn6qq9fUaIfqfxWkqxrF6ZlvH38R0V:HaJU+Je9Lwjn9fU7q55AQDHr
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-