General
-
Target
b923f1d2ece074dabe58bb6a603ed5d49e8d62044a1293a37e8afbcac029dded
-
Size
146KB
-
Sample
230521-ht4l8sgf63
-
MD5
a96ac42f9ccc7d11663f2741d5dfe930
-
SHA1
3ff257bcb32b3862d4eb08c73949e1aa930a2384
-
SHA256
b923f1d2ece074dabe58bb6a603ed5d49e8d62044a1293a37e8afbcac029dded
-
SHA512
0021067adc17831733b267893639e034db928583acb5a2c18221213772ae7e85fd52bfdf7f90377cee63495d5ba05ce4bd706af302f81357f41fabde9fe29409
-
SSDEEP
3072:q6glyuxE4GsUPnliByocWepqzYq7G9HkRgeXCDy8MD5:q6gDBGpvEByocWe4Y7pkRgeS28MD5
Behavioral task
behavioral1
Sample
b923f1d2ece074dabe58bb6a603ed5d49e8d62044a1293a37e8afbcac029dded.exe
Resource
win10-20230220-en
Malware Config
Extracted
C:\6KMVhDmrY.README.txt
Targets
-
-
Target
b923f1d2ece074dabe58bb6a603ed5d49e8d62044a1293a37e8afbcac029dded
-
Size
146KB
-
MD5
a96ac42f9ccc7d11663f2741d5dfe930
-
SHA1
3ff257bcb32b3862d4eb08c73949e1aa930a2384
-
SHA256
b923f1d2ece074dabe58bb6a603ed5d49e8d62044a1293a37e8afbcac029dded
-
SHA512
0021067adc17831733b267893639e034db928583acb5a2c18221213772ae7e85fd52bfdf7f90377cee63495d5ba05ce4bd706af302f81357f41fabde9fe29409
-
SSDEEP
3072:q6glyuxE4GsUPnliByocWepqzYq7G9HkRgeXCDy8MD5:q6gDBGpvEByocWe4Y7pkRgeS28MD5
Score10/10-
Renames multiple (636) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Deletes itself
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-