General
Target: trig_149ded86c52aee0bf1dc30.exe
Size: 1.1MB
Sample: 221129-s5w2mscf72
MD5: 882f792ef927f4e8321e082d9a4d85ff
SHA1: 0f7989d7ae20d6be6f18c38ae255a5ca1397a8df
SHA256: 149ded86c52aee0bf1dc303181495af988334c9c0c6b81048d8388a7f797dc5b
SHA512: 350040e5611aa21bc637f465a4c898c7473cd21e2a71c269593196c6866b709cefdf9610b411679cdd1f6b213ee130e058b93f5c2578457450aa4b3dd49a9673
SSDEEP: 24576:LYxvmwliqDHWHVjdzuM7Br+e5rA+u7ziSX:evmw3UjnrP9jQis
Static task: static1
Behavioral task: behavioral1
  Sample: trig_149ded86c52aee0bf1dc30.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: trig_149ded86c52aee0bf1dc30.exe
  Resource: win10v2004-20221111-en
Malware Config
Targets
Target: trig_149ded86c52aee0bf1dc30.exe (1.1MB; same hashes as listed under General above)
Score: 8/10
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Adds Run key to start application
- Creates a large amount of network flows: This may indicate a network scan to discover remotely running services.
- Drops desktop.ini file(s)