General
Target: 7dffcd63ae2589422467a9dc889421d383173ad664171d0214cb59b0e74b9607
Size: 1.7MB
Sample: 221126-tl6meafe99
MD5: 0eb2c7f3c2bad42f17f601554a974724
SHA1: e8a2300d3182d6997f0e45f36cf706ac2a6bb9bb
SHA256: 7dffcd63ae2589422467a9dc889421d383173ad664171d0214cb59b0e74b9607
SHA512: 34366f26e304d7c4276c68535b4e2a855db5496781e7b0788a947c9f7af5b1f525b3d613dbe573de350825871573695d5755031a8beaaee0169d90341559157e
SSDEEP: 49152:8YnFxxpJWx3pYVSMSRXV09e6cfjNTXygz:8YnFPCx3ESHRAe6MTCgz
Behavioral task: behavioral1
Sample: 7dffcd63ae2589422467a9dc889421d383173ad664171d0214cb59b0e74b9607.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 7dffcd63ae2589422467a9dc889421d383173ad664171d0214cb59b0e74b9607.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: 7dffcd63ae2589422467a9dc889421d383173ad664171d0214cb59b0e74b9607 (same file as listed under General above; hashes identical)
Size: 1.7MB
Score: 10/10
- Detected Xorist Ransomware
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Adds Run key to start application
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
- Suspicious use of SetThreadContext