General
-
Target
704f1.exe
-
Size
1.1MB
-
Sample
240212-xjl2rscf83
-
MD5
67dd0708a2dcbe6b7661fd5eb4593ea7
-
SHA1
3d496563984c73e129577da8ca87d3e823fdcce4
-
SHA256
704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2
-
SHA512
6dc6949196b6aa1e44564c955bf02b45e74247c23408e24fe206087725922dcb5cebb5db58635414313e6c96cfba26758919509ecd0e19832506069236dd9c21
-
SSDEEP
24576:oYj5E9T+xHeQhNmYOnW8FQrbID+u9v1Qs:Z5E9LQvRrtSvB
Behavioral task
behavioral1
Sample
704f1.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
704f1.exe
-
Size
1.1MB
-
MD5
67dd0708a2dcbe6b7661fd5eb4593ea7
-
SHA1
3d496563984c73e129577da8ca87d3e823fdcce4
-
SHA256
704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2
-
SHA512
6dc6949196b6aa1e44564c955bf02b45e74247c23408e24fe206087725922dcb5cebb5db58635414313e6c96cfba26758919509ecd0e19832506069236dd9c21
-
SSDEEP
24576:oYj5E9T+xHeQhNmYOnW8FQrbID+u9v1Qs:Z5E9LQvRrtSvB
-
Detects Trigona ransomware
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Drops desktop.ini file(s)
-