Analysis
-
max time kernel
24s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system -
submitted
29-01-2023 19:51
Static task
static1
Behavioral task
behavioral1
Sample
ed3dfa9f2452537d378ead320e1506d392d3f91557d8c52714dfd6024176cf73.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
ed3dfa9f2452537d378ead320e1506d392d3f91557d8c52714dfd6024176cf73.exe
Resource
win10v2004-20221111-en
General
-
Target
ed3dfa9f2452537d378ead320e1506d392d3f91557d8c52714dfd6024176cf73.exe
-
Size
683KB
-
MD5
77f23ed6c9c83823eb56ba579b4183d4
-
SHA1
74969b74766e2ee491f4f5ddd9f78b740e2107c9
-
SHA256
ed3dfa9f2452537d378ead320e1506d392d3f91557d8c52714dfd6024176cf73
-
SHA512
56155c2312703f782037216317e9ba9f4025aded12da6c6b71974cce7b5f0c1c49b53e365875da8259b93fc9db8dcf5b7a73ed5ab10e52503cabdbc7bf6f39d9
-
SSDEEP
12288:BPwbp5ov5nx7RzvouK2xQKOZhxAJ9nFObvAoj3fGp4Tnv0oDNqsJSqG7U:md5+5x7RzfbyA7FObvAoj3fGp4Tnvrq1
Malware Config
Signatures
-
Clop
Ransomware discovered in early 2019 which has been actively developed since release.
-
Detects Clop payload 2 IoCs
resource yara_rule behavioral1/memory/1348-55-0x0000000000340000-0x000000000035B000-memory.dmp family_clop behavioral1/memory/1348-56-0x0000000000400000-0x00000000004B0000-memory.dmp family_clop -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 1348 ed3dfa9f2452537d378ead320e1506d392d3f91557d8c52714dfd6024176cf73.exe 1348 ed3dfa9f2452537d378ead320e1506d392d3f91557d8c52714dfd6024176cf73.exe