Behavioral task: behavioral1
Sample: 31dfa79fa02d96af7777d67727d28dc817e2ad2388ae9a06a90e227c70a09e46.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 31dfa79fa02d96af7777d67727d28dc817e2ad2388ae9a06a90e227c70a09e46.exe
Resource: win10v2004-20231215-en
General
Target: 31dfa79fa02d96af7777d67727d28dc817e2ad2388ae9a06a90e227c70a09e46.exe
Size: 26KB
MD5: feb26e2e50483edb8ad0f551766ec5a2
SHA1: 7f3dcaacfa9f3734659bba718f53a994aa6a6ab9
SHA256: 509a6fcb6a440b1dc563de57afb653f67ac591dc6a1813b36118ca9d97b123a3
SHA512: 19ebdb5c18f7f49f07409a7e647fdb1d38a67baa7c65dc22dec39163a5d2385dc2f3a4a84635ffaa3511d01b1a58f0bdd6604912e25ae67cd60cb73a8e1f57a1
SSDEEP: 384:qYenjLLAps4T5lBavzb/xlhKOVp91Qcb5hxDGT:5OElB6sc9GcbXxDo
Malware Config
Signatures
Chaos Ransomware 1 IoCs
resource yara_rule sample family_chaos
Chaos family
Detects command variations typically used by ransomware 1 IoCs
resource yara_rule sample INDICATOR_SUSPICIOUS_GENRansomware
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 31dfa79fa02d96af7777d67727d28dc817e2ad2388ae9a06a90e227c70a09e46.exe
Files
31dfa79fa02d96af7777d67727d28dc817e2ad2388ae9a06a90e227c70a09e46.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ