Behavioral task
behavioral1
Sample
375de06b1f16dd7441ce7fe16ece78386d2999960d73ec7de82150aa55a848f7.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
375de06b1f16dd7441ce7fe16ece78386d2999960d73ec7de82150aa55a848f7.exe
Resource
win10v2004-20231222-en
General
-
Target
375de06b1f16dd7441ce7fe16ece78386d2999960d73ec7de82150aa55a848f7.exe
-
Size
26KB
-
MD5
6950f40b3f06e3eab427c880a10e3abf
-
SHA1
4983f334780418448e37164064eed72abd67917a
-
SHA256
1034554b0e6de593f102159731cf92fd88b2cfbd7065fa042cf4b41b4472333a
-
SHA512
80ea2c39cb7dc87138699752b31234e6b38717edc11f4713361d816e72faf76c6e2d503782a4af299af3d7c51b26c7ee4c44c8091cd07e79692eb921b07dc47f
-
SSDEEP
384:qYenjLLAps4T5lBavzb/xlhKOVp91Qab5hxDG6j0:5OElB6sc9GabXxDzj0
Malware Config
Signatures
-
Chaos Ransomware 1 IoCs
resource yara_rule sample family_chaos -
Chaos family
-
Detects command variations typically used by ransomware 1 IoCs
resource yara_rule sample INDICATOR_SUSPICIOUS_GENRansomware -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 375de06b1f16dd7441ce7fe16ece78386d2999960d73ec7de82150aa55a848f7.exe
Files
-
375de06b1f16dd7441ce7fe16ece78386d2999960d73ec7de82150aa55a848f7.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ