General
-
Target
IN.exe
-
Size
340KB
-
Sample
231013-rcm3laac7z
-
MD5
714870c33ba84e744b84b32e6e114ed9
-
SHA1
840f442d4466713becdf72b88846871330ac38e7
-
SHA256
51b8a283f87a95edb5e98125e5730bcf843fc7ec8fcdc175c8dc0ba3032e8a51
-
SHA512
270c584cc9f696de3421429627a07bfbd7829a033cfdc16280e7e233e8ae09e2f1cd0341537a6b050811683d93a14a1465aa3ab96e9577c98ebea521faae65f2
-
SSDEEP
6144:PNs9prB0CnszdPZxMzk1ukSXa9bnuDOeFdGpBP7ENf3zcfUE:y9RaPZxMzk1uBXa9bu2JeAfUE
Behavioral task
behavioral1
Sample
IN.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
IN.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
\Device\HarddiskVolume1\Boot\da-DK\HOW_TO_BACK_FILES.html
Targets
-
-
Target
IN.exe
-
Size
340KB
-
MD5
714870c33ba84e744b84b32e6e114ed9
-
SHA1
840f442d4466713becdf72b88846871330ac38e7
-
SHA256
51b8a283f87a95edb5e98125e5730bcf843fc7ec8fcdc175c8dc0ba3032e8a51
-
SHA512
270c584cc9f696de3421429627a07bfbd7829a033cfdc16280e7e233e8ae09e2f1cd0341537a6b050811683d93a14a1465aa3ab96e9577c98ebea521faae65f2
-
SSDEEP
6144:PNs9prB0CnszdPZxMzk1ukSXa9bnuDOeFdGpBP7ENf3zcfUE:y9RaPZxMzk1uBXa9bu2JeAfUE
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Modifies boot configuration data using bcdedit
-
Renames multiple (4413) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Renames multiple (7545) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-