General
-
Target
c8d9a9758516d5a8936bd3bc01a9997fb677ed1dc54081caa985883935ff092b
-
Size
56KB
-
Sample
221230-mkfahafd76
-
MD5
715bb8ece6c740ab68a9aa2f4eb0aa04
-
SHA1
6fef9bbee0ef34c8e0bbc2510eb14c7751329577
-
SHA256
c8d9a9758516d5a8936bd3bc01a9997fb677ed1dc54081caa985883935ff092b
-
SHA512
2e0945f4bd9ab7b8ffc05da7ecbf18fadffd20210ac5537bb2e6b3e1f65a41f7b0e16a34772afdef20c7a9235e1487d85e21024a8da64c84bd90d59c7d37e2a2
-
SSDEEP
1536:bNeRBl5PT/rx1mzwRMSTdLpJBRWvKIIGNOHRG47:bQRrmzwR5JTWSyIQw
Static task
static1
Behavioral task
behavioral1
Sample
c8d9a9758516d5a8936bd3bc01a9997fb677ed1dc54081caa985883935ff092b.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
c8d9a9758516d5a8936bd3bc01a9997fb677ed1dc54081caa985883935ff092b.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
C:\users\public\desktop\info.hta
Extracted
C:\users\public\desktop\info.hta
Targets
-
-
Target
c8d9a9758516d5a8936bd3bc01a9997fb677ed1dc54081caa985883935ff092b
-
Size
56KB
-
MD5
715bb8ece6c740ab68a9aa2f4eb0aa04
-
SHA1
6fef9bbee0ef34c8e0bbc2510eb14c7751329577
-
SHA256
c8d9a9758516d5a8936bd3bc01a9997fb677ed1dc54081caa985883935ff092b
-
SHA512
2e0945f4bd9ab7b8ffc05da7ecbf18fadffd20210ac5537bb2e6b3e1f65a41f7b0e16a34772afdef20c7a9235e1487d85e21024a8da64c84bd90d59c7d37e2a2
-
SSDEEP
1536:bNeRBl5PT/rx1mzwRMSTdLpJBRWvKIIGNOHRG47:bQRrmzwR5JTWSyIQw
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Modifies boot configuration data using bcdedit
-
Modifies Windows Firewall
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-