General
-
Target
33228a20a7e985f02e2ddd73cccde729.bin
-
Size
93KB
-
Sample
230623-bkvveacc6s
-
MD5
0367e08a011aff22afd0b86c4776b5ea
-
SHA1
d38030649235377b9ae7b9a39ac5887b60a03da0
-
SHA256
b6a327a1ad5d004644941461a7281df84f01e44ad80ae42e36f5fb216ba7e53d
-
SHA512
6a3863ac1b570160731641c358033da19bf666d97b2ab10a2ea2c09ddca6f61102cfcf79d343e4b35b33112c4d18f7df14c7316dd8d0d5e6ca18e851f240fb57
-
SSDEEP
1536:1Ql1+DNda293ysT3MG929UBD14//1Uq48GUNAWEq1pBAx/swvaBKnDrE6XLTCTcJ:qcNT9iAM02+o/eOruWEq1nwtDrE6XvqK
Behavioral task
behavioral1
Sample
0845a8c3be602a72e23a155b23ad554495bd558fa79e1bb849aa75f79d069194.exe
Resource
win7-20230621-en
Behavioral task
behavioral2
Sample
0845a8c3be602a72e23a155b23ad554495bd558fa79e1bb849aa75f79d069194.exe
Resource
win10v2004-20230621-en
Malware Config
Targets
-
-
Target
0845a8c3be602a72e23a155b23ad554495bd558fa79e1bb849aa75f79d069194.exe
-
Size
146KB
-
MD5
33228a20a7e985f02e2ddd73cccde729
-
SHA1
58ab960e629a609d135e1988c72f2991e5f76e30
-
SHA256
0845a8c3be602a72e23a155b23ad554495bd558fa79e1bb849aa75f79d069194
-
SHA512
075002dd1b0f8e536c1ff99d30368f5adfc90a2f3e7a74c9770119e7b54a5851236657b7edcb735d457e78a7e67b7c285b6ceaa6ca2907542ac208dfc8c9aabe
-
SSDEEP
3072:36glyuxE4GsUPnliByocWepqFPUBwrqveV84:36gDBGpvEByocWe8MB4G
Score9/10-
Renames multiple (305) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Renames multiple (735) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-