General
Target: a2333bcbbdbf6846ea6945637f93ecc2500a32bbfa9032c4cc39021a4e41a855
Size: 164KB
Sample: 230714-3gyknshc8z
MD5: de348ef9eed7ccdaed5a70ae15796a86
SHA1: 42914d94e8024ca94e58bb4bd9cfa4d0ae524975
SHA256: a2333bcbbdbf6846ea6945637f93ecc2500a32bbfa9032c4cc39021a4e41a855
SHA512: 605bdb115b9fc95b1c0924f01b3b62b27737d94fe97825e81ebc5f1de107a317bd47fbe88be9d2ac4e6b3c9d0d537a8b38986b24480a54495442c6206e9eb163
SSDEEP: 3072:/pL1jrjayrgtLj/ysivDtEt0TYav9hk15A74:BL1bagg1jyNvet0TYC9V8
Static task: static1
Behavioral task: behavioral1
Sample: a2333bcbbdbf6846ea6945637f93ecc2500a32bbfa9032c4cc39021a4e41a855.exe
Resource: win10-20230703-en
Malware Config
Extracted from: C:\info.hta
Extracted from: C:\Users\Admin\Desktop\info.hta
Targets
Target: a2333bcbbdbf6846ea6945637f93ecc2500a32bbfa9032c4cc39021a4e41a855
Score: 10/10
- Modifies boot configuration data using bcdedit
- Renames multiple (448) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Modifies Windows Firewall
- Drops startup file
- Adds Run key to start application
- Drops desktop.ini file(s)