General
-
Target
b1d5de9be399b181dc0e78fec870aac448548440e7529d8c5e1a95192733f2ed
-
Size
57KB
-
Sample
240327-j21e8aga74
-
MD5
c9787298b457ea192a92a3ad87241cc0
-
SHA1
c29fb65ebe6134313cb744b3d0e288bfef93163e
-
SHA256
b1d5de9be399b181dc0e78fec870aac448548440e7529d8c5e1a95192733f2ed
-
SHA512
d88951466191ebe4b53981dbbb42889b3613a1574f51871b20191abe5867d1c647b19bddf1e4959ca42d2784a6c9f535e767a9938b8d6ecae08c61780b9e6f52
-
SSDEEP
1536:ajkfV+KJolntwrbDSTWvTwhQMhmpdLWTQZP:a4fIKJolntGDT5qm3L4w
Static task
static1
Behavioral task
behavioral1
Sample
b1d5de9be399b181dc0e78fec870aac448548440e7529d8c5e1a95192733f2ed.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
b1d5de9be399b181dc0e78fec870aac448548440e7529d8c5e1a95192733f2ed.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
C:\Users\Public\Videos\how_to_back_files.html
Targets
Target
b1d5de9be399b181dc0e78fec870aac448548440e7529d8c5e1a95192733f2ed
Score
10/10
-
Renames multiple (2271) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-