General
-
Target
0508410a90facaexeexeexeex.exe
-
Size
146KB
-
Sample
230705-sdvdqseg3y
-
MD5
0508410a90faca4e6353bb49ebbf6333
-
SHA1
08c324fa6adac4171a2408104fdf62ac0390f9bd
-
SHA256
3d2090c3065f7a037b043f67b0e5cda6541a112ff84f284141a61564c28a0bce
-
SHA512
8a8ad82a8dd9ae1f783c73dc31329c2d26141887aeecfcdd56e079cb4a7ca8638da6f4f1113beb6d20ed9ec177b9c877e6253423576152b414380877fc47dcb8
-
SSDEEP
3072:0qJogYkcSNm9V7DpQKHO48WDE7RygKOT:0q2kc4m9tDpQkO4DDBg
Behavioral task
behavioral1
Sample
0508410a90facaexeexeexeex.exe
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
0508410a90facaexeexeexeex.exe
Resource
win10v2004-20230703-en
Malware Config
Targets
-
-
Target
0508410a90facaexeexeexeex.exe
Score
9/10
-
Renames multiple (346) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Renames multiple (599) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-