General
-
Target
bbace4f48807035a5e868ae924426893f29edafce1a0b2feb51d278e7e2dd9d2
-
Size
272KB
-
Sample
240101-q6l7qaefa7
-
MD5
34441b7389336a401f4a9acb79172e40
-
SHA1
fcd96cd18b8ca9d33e50c3cfd3d1b9e2441acbdf
-
SHA256
bbace4f48807035a5e868ae924426893f29edafce1a0b2feb51d278e7e2dd9d2
-
SHA512
044e2c2f53d8dc3594a1f949a9ae4f2d4709ecf22204627a9aa82f4da152381059c36db5c44ceba290b65d11d6beb2ef5c127879ca5e27a9fb8dc08bd8128661
-
SSDEEP
3072:CQqE6DDDf22bL7bCJ+2TmOJjvodM3lW0uEcScV9d/2UCMKM:HqE6/DjnChTfJjvodIW0uEcScV9d/2p
Static task
static1
Behavioral task
behavioral1
Sample
bbace4f48807035a5e868ae924426893f29edafce1a0b2feb51d278e7e2dd9d2.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
bbace4f48807035a5e868ae924426893f29edafce1a0b2feb51d278e7e2dd9d2.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
Renames multiple (7800) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Possible privilege escalation attempt
-
Sets service image path in registry
-
Windows Defender anti-emulation file check
Defender's emulator always creates certain fake files which can be used to detect it.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-