General
-
Target
9534e9f11f274b0643f099fafd6895452e15398da308b88f64049fd609215333
-
Size
867KB
-
Sample
221119-1elf8afe7x
-
MD5
1838114e4893a371a0e4d3e8a0e88570
-
SHA1
490eca7e5517b3adfd7e643c595e687b42df5352
-
SHA256
9534e9f11f274b0643f099fafd6895452e15398da308b88f64049fd609215333
-
SHA512
dcaaa2580dce75961f191877f25781b9644118ead11d1612234bcc11bd54e4735bf8ca4f6dde3599a1d48762a17c9a79c2049f28da19e20dcc98c63dbfcd5849
-
SSDEEP
12288:pq8hiZ2zrU8ge+g/3PDarqaH0AZYSrW/TQpXqRAwYIm/NTn7g:pa8/N/rlBAZP2QpXPBk
Static task
static1
Behavioral task
behavioral1
Sample
9534e9f11f274b0643f099fafd6895452e15398da308b88f64049fd609215333.exe
Resource
win7-20220812-en
Malware Config
Targets
-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Document created with cracked Office version
Office document contains Grizli777 string known to be caused by using a cracked version of the software.
-
Drops file in System32 directory
-