General
Target: 3e04fe9f427717ca17142603b46c5264fb42621048719721ffa4926c8e9bb6f1.zip
Size: 99KB
Sample: 230321-rwvxjsdb2t
MD5: dbe2d0024b682727158b43e3eb1d4232
SHA1: bad4f13c80e654ebd19d95d62991f4f03d3a6197
SHA256: 7b175152471f7bb28ed7b5bdee8015e329ba0847cc8ca9e7c8bfef180e3fdd72
SHA512: 219a8c148413b3b713d5e9b86d2b8d7febbcd241509f34ba9856ecc37fda3e9eac9681d9f1ffaeae91cd1324039546ea9493c0525f9cd700476940e996febd2c
SSDEEP: 3072:FbzGt964NE6vu2H9IRaCzksKppgJgZKxiTrMUQB:oa4Bvui9cKppWgZ/5QB
Behavioral task: behavioral1
Sample: 3e04fe9f427717ca17142603b46c5264fb42621048719721ffa4926c8e9bb6f1.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 3e04fe9f427717ca17142603b46c5264fb42621048719721ffa4926c8e9bb6f1.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: C:\cHpfiXA9s.README.txt
Targets
Target: 3e04fe9f427717ca17142603b46c5264fb42621048719721ffa4926c8e9bb6f1.exe
Size: 153KB
MD5: 35560fff8fc990948a9252bf20cfc8f5
SHA1: 66163cb283c8792ac32c0e2361adc7143d8d319d
SHA256: 3e04fe9f427717ca17142603b46c5264fb42621048719721ffa4926c8e9bb6f1
SHA512: 9bf7b5aeec71b74012fa36d2af4dc4704e859a564cfbf3b35e44b1af8195a9885292c22a9297b691903c3245a6fae85746590988706e6a4d5dab29937ac13d77
SSDEEP: 3072:j6glyuxE4GsUPnliByocWepvdHFdjFpZ/fgyVF0djk:j6gDBGpvEByocWetdHZ/fgKF0
Score: 10/10

Signatures
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Drops desktop.ini file(s)
Suspicious use of NtSetInformationThreadHideFromDebugger