General

Target: SDReplicaContentFS_2023-05-17_06_39_27.zip
Size: 267KB
Sample: 230517-qzfflaec6t
MD5: 2b8507b365c8b95821c56b9a58e68975
SHA1: 1b0fecc75fd9f0c89574d57185435b04eba6dd2c
SHA256: 712c53daf2ba449897469fc8ece9de37dd59434d2fdfff89cd237ccc0c68b55f
SHA512: d1ef12c2b8caea0ba10f8cdefff646e71e916baf649308d877827fdf499e0fa4bb837478ba4324b1d5de298c3e4b65d1ca75952ffd2905563ea6c8f514d5e188
SSDEEP: 6144:IEWuVb1CqCCsXsWy/uVqECTZxA/CKBfjdzPORcZfWjmQf:Ipu91CEsX7y/axyc6YLBjWCQf
Static task: static1

Behavioral task: behavioral1
Sample: Device/HarddiskVolume2/PerfLogs/sf.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: Device/HarddiskVolume2/PerfLogs/sf.exe
Resource: win10v2004-20230220-en
Malware Config

Targets

Target: Device/HarddiskVolume2/PerfLogs/sf.exe
Size: 572KB
MD5: abe06e90aeb9e69647efe1431f6a1a68
SHA1: 42c864d9e21ef8539b28e105932a365a145ba1dc
SHA256: 5c62626731856fb5e669473b39ac3deb0052b32981863f8cf697ae01c80512e5
SHA512: 36859bf2732ef40a917492e14aed1f3e818afe8334094d37b18eebd4a0d861ec401fe14de303ea7f8ca2d6f941f041ca7d591a048a200c7d98078cce88a08eff
SSDEEP: 6144:PvkQV0yspOdsQp8ecldEWuc9bPu1Y2GRxqTQXh2ikXdPLovfyT5QohoKhFlQ4on:nkQSysOJErU1cqMrkXWyT5QoOX
Score: 10/10

Signatures

- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Renames multiple (8528) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Renames multiple (8547) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Modifies Installed Components in the registry
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory