General
-
Target
86372edc5c196e22708b2da867ecc88cee2edee9097fdd0d3c686fca3843749c
-
Size
787KB
-
Sample
221125-1pnpbshc52
-
MD5
95974b47807ecf1eab68603b24e99c10
-
SHA1
3a5e5f06f7acdb047a4f5ff45357669fb6481a48
-
SHA256
86372edc5c196e22708b2da867ecc88cee2edee9097fdd0d3c686fca3843749c
-
SHA512
740f4f630b1cbb7b35ec8f14aeb074eeeb1c3ab94ce0cd14ad42ac7e34308e003ee6587142b514b3130e201e2b5b823828628877d8dfdf2a1d37ecd8b0949df3
-
SSDEEP
24576:lXxQtW/06AtfE0PDbcDHelHVwUmBQR24n:lBWESfEnDHelHdaG2M
Static task
static1
Behavioral task
behavioral1
Sample
86372edc5c196e22708b2da867ecc88cee2edee9097fdd0d3c686fca3843749c.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
86372edc5c196e22708b2da867ecc88cee2edee9097fdd0d3c686fca3843749c.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
86372edc5c196e22708b2da867ecc88cee2edee9097fdd0d3c686fca3843749c
-
Size
787KB
-
MD5
95974b47807ecf1eab68603b24e99c10
-
SHA1
3a5e5f06f7acdb047a4f5ff45357669fb6481a48
-
SHA256
86372edc5c196e22708b2da867ecc88cee2edee9097fdd0d3c686fca3843749c
-
SHA512
740f4f630b1cbb7b35ec8f14aeb074eeeb1c3ab94ce0cd14ad42ac7e34308e003ee6587142b514b3130e201e2b5b823828628877d8dfdf2a1d37ecd8b0949df3
-
SSDEEP
24576:lXxQtW/06AtfE0PDbcDHelHVwUmBQR24n:lBWESfEnDHelHdaG2M
Score10/10-
Modifies visibility of file extensions in Explorer
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-