General
- Target: svchost.exe
- Size: 26KB
- Sample: 231016-138lnafh6w
- MD5: 77621bd052797e738ed47a9a4db1beea
- SHA1: 4417200e540a377b298613edfbc56cd8c09d38f2
- SHA256: bff457cb492f8286fcb5904231f033529b0dade3a3bf615a1674ffe5e6ca303b
- SHA512: 179c674fee62444a233f655d64dc841b50e9c3585f7464d3d5c9b058860028fe5405cb71f3f77a136adb52e087dcfbc2fc09e0a6a0e334a2f68cc93053336878
- SSDEEP: 384:etWZPzzxAm1vGdUOGKFKAUa5FKW6pVnAQ5NYlFOy5o91A/ba82vz:D7zxAmGGdu5z6pGQ5Oho9CG827

Behavioral task: behavioral1
- Sample: svchost.exe
- Resource: win7-20230831-en
Malware Config
Targets
- Target: svchost.exe (same sample as above; hashes listed under General)
- Score: 10/10
- Chaos Ransomware
- Modifies boot configuration data using bcdedit
- Renames multiple (184) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Disables Task Manager via registry modification
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops desktop.ini file(s)