General
-
Target
92ebb2dce3e8f3d0e919c0342fdbe9a37d672a0cca6b105395745ebc783de6e5
-
Size
145KB
-
Sample
240314-ev7thace48
-
MD5
f6bcf480cc1e928ab55ad9c3310919e6
-
SHA1
dc21c53fee3dd49773fd2bd145ef57760b564b6b
-
SHA256
92ebb2dce3e8f3d0e919c0342fdbe9a37d672a0cca6b105395745ebc783de6e5
-
SHA512
cdc42149b920a6109628c8a3f328c6d1dd5a279cbe860dc538cd7699f0234741c6429bac86e4ae52b716168942e187eaa4b314597d1b5d8963b34640c78fc526
-
SSDEEP
3072:wqJogYkcSNm9V7DNgrogsqLnwYskVnSlT:wq2kc4m9tD6ZVn
Behavioral task
behavioral1
Sample
92ebb2dce3e8f3d0e919c0342fdbe9a37d672a0cca6b105395745ebc783de6e5.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
92ebb2dce3e8f3d0e919c0342fdbe9a37d672a0cca6b105395745ebc783de6e5.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
92ebb2dce3e8f3d0e919c0342fdbe9a37d672a0cca6b105395745ebc783de6e5
-
Size
145KB
-
MD5
f6bcf480cc1e928ab55ad9c3310919e6
-
SHA1
dc21c53fee3dd49773fd2bd145ef57760b564b6b
-
SHA256
92ebb2dce3e8f3d0e919c0342fdbe9a37d672a0cca6b105395745ebc783de6e5
-
SHA512
cdc42149b920a6109628c8a3f328c6d1dd5a279cbe860dc538cd7699f0234741c6429bac86e4ae52b716168942e187eaa4b314597d1b5d8963b34640c78fc526
-
SSDEEP
3072:wqJogYkcSNm9V7DNgrogsqLnwYskVnSlT:wq2kc4m9tD6ZVn
Score9/10-
Renames multiple (7728) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-