General
-
Target
4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e
-
Size
145KB
-
Sample
240314-erx5wscd63
-
MD5
34e55b241ba3693f35112330357a8edf
-
SHA1
5fb869a2d2f3de24e756c576f022781c4b74598e
-
SHA256
4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e
-
SHA512
d3014fb73ad252eb94fd514a3b8e897eb3df93dfc217f8ee21c0e7d038fd98702005ea0edb849987ff271472fa5ea2d655176acb3e059325f268bb8ca76a7053
-
SSDEEP
3072:u6glyuxE4GsUPnliByocWepfVxexiPIIV:u6gDBGpvEByocWepeYV
Behavioral task
behavioral1
Sample
4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e
-
Score
9/10
-
Renames multiple (356) files with added filename extension
This suggests ransomware activity: encrypting all the files on the system.
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-