General
Target: acbf4096bfa21862f00e9a20ab855596
Size: 291KB
Sample: 240228-yyweescf7z
MD5: acbf4096bfa21862f00e9a20ab855596
SHA1: 37c046a1f3741096c61a9932b80a11f32cd44378
SHA256: 2aca8228ee3f8641d4d2dadd4c1ec2fbf139d828bfbf6f0a2f6ef0bd5e2915a8
SHA512: 639af5bf615812ff28478a480637e2a39cbe5733078b5926ceb4886d866af6d2e2908f1ddecedf2afd670cdbf852319942ae42ada534fe1bb8ed3b0ea48e76ac
SSDEEP: 6144:LiMmXRH6pXfSb0ceR/VFAHh1kgcs0HW1kyApHhP+gDzvR:5MMpXKb0hNGh1kG0HWnALb
Behavioral task: behavioral1
Sample: acbf4096bfa21862f00e9a20ab855596.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: acbf4096bfa21862f00e9a20ab855596.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: acbf4096bfa21862f00e9a20ab855596 (291KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Renames multiple (91) files with added filename extension: this pattern suggests ransomware activity, i.e. encrypting the files on the system and appending an extension to each one.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes. Note that Windows 7 and later do not honour autorun.inf on non-optical removable media by default, so this spreading route relies on legacy or misconfigured hosts.
- Drops file in System32 directory
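The three signatures above that carry an explanation (Winlogon persistence, mass renames with an added extension, and a dropped autorun.inf) are the ones an analyst most often re-checks by hand on other hosts. The following is an added example, not Triage's detection code and not part of this report: small offline heuristics for each behaviour, run over constructed inputs that imitate a registry export, a list of file-rename events and a list of dropped-file paths. The Winlogon defaults are the documented ones; the rename threshold of 20 is an assumption, not the sandbox's cutoff.

```python
"""Offline triage heuristics for the three explained behaviours above.

Added example: this is not the sandbox's detection code. All inputs are
constructed to look like a registry export, a rename-event list and a
dropped-file list; the rename threshold is an assumed value.
"""
import ntpath
from collections import Counter

# Documented defaults under
# HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon that
# persistence techniques commonly overwrite or extend.
WINLOGON_DEFAULTS = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,",
}


def winlogon_modified(values):
    """Return the Winlogon values that differ from their defaults.

    `values` maps value name -> data as exported from the registry.
    Comparison is case-insensitive and ignores the trailing comma that
    Windows tolerates on Userinit.
    """
    findings = {}
    for name, default in WINLOGON_DEFAULTS.items():
        data = values.get(name)
        if data is None:
            continue
        if data.strip().rstrip(",").lower() != default.rstrip(",").lower():
            findings[name] = data
    return findings


def added_extension_renames(events, threshold=20):
    """Detect the mass 'append an extension' pattern used by ransomware.

    `events` is a list of (old_path, new_path). A rename counts when the
    new name is the old name plus exactly one extra extension. Returns
    (extension, count) for the dominant appended extension once the count
    reaches `threshold` (assumed value), otherwise None.
    """
    appended = Counter()
    for old, new in events:
        if new.lower().startswith(old.lower() + "."):
            appended[new[len(old):].lower()] += 1
    if not appended:
        return None
    ext, count = appended.most_common(1)[0]
    return (ext, count) if count >= threshold else None


def autorun_drops(paths):
    """Return dropped-file paths that would arm Windows Autorun:
    an autorun.inf sitting at the root of a drive letter."""
    hits = []
    for p in paths:
        drive, rest = ntpath.splitdrive(p)
        if drive and rest.lstrip("\\").lower() == "autorun.inf":
            hits.append(p)
    return hits


# ---- constructed sample input (not real sandbox data) ----
SAMPLE_WINLOGON = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,C:\Users\Public\svc.exe",
}
SAMPLE_RENAMES = [
    (rf"C:\Users\u\Documents\file{i}.docx",
     rf"C:\Users\u\Documents\file{i}.docx.locked")
    for i in range(91)
] + [
    # an ordinary rename that swaps rather than appends an extension
    (r"C:\Users\u\Desktop\notes.txt", r"C:\Users\u\Desktop\notes.old"),
]
SAMPLE_DROPS = [
    r"C:\Windows\System32\drivers\etc\x.dll",
    r"D:\autorun.inf",
    r"E:\autorun.inf",
    r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\run.exe",
]

if __name__ == "__main__":
    print("Winlogon:", winlogon_modified(SAMPLE_WINLOGON))
    print("Renames:", added_extension_renames(SAMPLE_RENAMES))
    print("Autorun:", autorun_drops(SAMPLE_DROPS))
```

On the constructed data the Userinit value is flagged because a second executable has been appended after the default, the 91 `.locked` renames exceed the threshold while the `notes.txt` to `notes.old` rename does not count, and the two drive-root autorun.inf files are reported while the System32 and Startup-folder drops are left to the other signatures.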