General
-
Target
d24afb6a82b6b4b2d08f2fa51eaa214371350534dc9af826e5a31f48fc8da7e2
-
Size
585KB
-
Sample
240304-x69rcabh83
-
MD5
e2825e7c7cec068e2a14dff6087d956b
-
SHA1
426c473ce7b87c9d8c4d4d07b9646f86d0fd5892
-
SHA256
d24afb6a82b6b4b2d08f2fa51eaa214371350534dc9af826e5a31f48fc8da7e2
-
SHA512
86800d7bee17fe34ad155b7990b9946869f81dd7bc091d461e0c81017451de39af894b94118894e0b2315dae76285afc0cf72c499873f0e261c9a7dc778c6c86
-
SSDEEP
12288:fhWnOwCahtHVzvBH3WkicjnIxfYkOiylMQnk53MF7N3N3oSb:fIdCet1bBH3B1nIxfYDNm1pMFhr
Behavioral task
behavioral1
Sample
d24afb6a82b6b4b2d08f2fa51eaa214371350534dc9af826e5a31f48fc8da7e2.exe
Resource
win7-20240221-en
Malware Config
Targets
Target
d24afb6a82b6b4b2d08f2fa51eaa214371350534dc9af826e5a31f48fc8da7e2
-
Renames multiple (8492) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Possible privilege escalation attempt
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Drops file in System32 directory
-