General
Target: 22ff4b883468f0b2b21b2c50d5ca5bd9.bin
Size: 28KB
Sample: 240209-bwcg7sfd97
MD5: 90255ae1646ecba250ab9ca42a4edc48
SHA1: bddeef1b3cfbe118e6add46891a8cc7ca751f31f
SHA256: b07f583e8617d0e4faa3982b5613cda10db48a28c4d9909bae93ccafec153e74
SHA512: 0a810e6ed2b9b6af8cd78142591f58f7b0d1dae13b33f50bd3706f660aa150d28c1d22fe1e43e5e248a1366285fe853f6c787e963aea3e0cc2b392f5609e5a3c
SSDEEP: 768:bjTayKkchH+P4260n3+5j7LitHzGS/YtMzM8v:P2jheDnuJitHbU8v
Static task: static1
Behavioral task: behavioral1
  Sample: d9135507e8dbcf15a852ec34623ea6b6d633e10032c94f187ef357ba821af893.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: d9135507e8dbcf15a852ec34623ea6b6d633e10032c94f187ef357ba821af893.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted: C:\Users\Public\Music\Sample Music\how_to_back_files.html
Extracted: C:\ProgramData\regid.1991-06.com.microsoft\how_to_back_files.html
Targets
Target: d9135507e8dbcf15a852ec34623ea6b6d633e10032c94f187ef357ba821af893.exe
Size: 53KB
MD5: 22ff4b883468f0b2b21b2c50d5ca5bd9
SHA1: e34f09cf8f1416ab4611a6a18ff99281fad93c70
SHA256: d9135507e8dbcf15a852ec34623ea6b6d633e10032c94f187ef357ba821af893
SHA512: 9b37dff34d3ceca993bebda8e6d3f4f4a361af65ec6bdde4be54021be2dc48c176aa0b0ef2bae8433ca2957d5e3c28fe448465c3f816a5ee36a5d395bd8f4405
SSDEEP: 1536:oWOeytM3alnawrRIwxVSHMweio36l990:oWOey23alnaEIN/W6lA
Score: 10/10
- Renames multiple (7515) files with added filename extension. This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Adds Run key to start application