General
Target: a4006f211bc8fd8d90a3fe601230bcb298c235a0a975d3b0ca463b3e97de7d29
Size: 93KB
Sample: 240417-p1r1cafg47
MD5: 39e3537c736661da2b4cc3ea8940d237
SHA1: 8a287b5e6e38e1ec3b5f37876dbe1b216d26a0c2
SHA256: a4006f211bc8fd8d90a3fe601230bcb298c235a0a975d3b0ca463b3e97de7d29
SHA512: 20ce5426ddee6b5102a6182e458c5d570aa4df8bafd2a1804ae0cdd8274d1fd13848c61fa475c61d5ac830341744eeb3ec38152c7199726b7e512a113696fe03
SSDEEP: 1536:b3S8LH/u4Zwgzjzb8A00ZbFYmcQh/n53o7TGaiAMIfbzwunivl6bArjAmZ2Mf:bP24ZwkzbrZbFqQh/53o7TGalMwzlnIh
Behavioral task behavioral1
Sample: d5d49fbe4f955416afe5db8c735638cedde326347757e8c57323305480568418.exe
Resource: win7-20240220-en

Behavioral task behavioral2
Sample: d5d49fbe4f955416afe5db8c735638cedde326347757e8c57323305480568418.exe
Resource: win10v2004-20240412-en
Malware Config

Targets
Target: d5d49fbe4f955416afe5db8c735638cedde326347757e8c57323305480568418.exe
Size: 146KB
MD5: 9a2e880c5c4fcbecf71014de4bbeb2db
SHA1: 173089f18ef521b89516319117bf545d33f2e657
SHA256: d5d49fbe4f955416afe5db8c735638cedde326347757e8c57323305480568418
SHA512: c01ee3e7898b6dda26aee4d04c4a345d2c36ba019bade775dd71330d96a37ed0594a496df18db3a2e593fd7e13f90de123f47ab33e3a8d4936501c69e7500a59
SSDEEP: 3072:m6glyuxE4GsUPnliByocWepc8HtoTc0U7DF:m6gDBGpvEByocWeFNh0GDF

Note that the submitted object in the General section (93KB, SHA256 beginning a4006f21) is a different file from the executable actually run in both behavioral tasks (146KB, SHA256 beginning d5d49fbe); use the executable's hashes when pivoting to other sources.
Score: 9/10

Signatures
- Renames multiple (331) files with added filename extension. Mass renaming of files by appending a new extension is consistent with ransomware encrypting the files on the system.
- Checks computer location settings. Looks up the country code configured in the registry (Windows stores this GeoID under HKCU\Control Panel\International\Geo\Nation), likely a geofence to avoid running in certain regions.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger. Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) hides the calling thread from an attached debugger, an anti-analysis technique.
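The "renames multiple files with added filename extension" signature above is a heuristic over file-rename events. The following is an added example of how such a check can be implemented, not code from the sandbox or from this report: a rename counts as an "added extension" when the destination is the source name with exactly one new suffix appended, in the same directory, and the check fires when one process performs that rename with the same suffix more than a threshold number of times. The event schema (pid, src, dst), the threshold of 50 and the sample events are assumptions constructed for the demonstration; the real sandbox threshold is not stated on the page.

```python
"""Heuristic detection of mass 'append an extension' renames (ransomware-style).

The RenameEvent schema and the threshold are assumptions for this example; the
sandbox that produced the report does not publish its exact logic.
"""
from collections import Counter
from dataclasses import dataclass
import ntpath


@dataclass(frozen=True)
class RenameEvent:
    pid: int
    src: str
    dst: str


def appended_extension(src: str, dst: str):
    """Return the suffix (without the dot) when dst == src + '.' + suffix in the
    same directory, otherwise None.  Extension replacement (a.txt -> a.bak),
    moves to another directory and multi-part suffixes do not qualify."""
    s_dir, s_name = ntpath.split(src)
    d_dir, d_name = ntpath.split(dst)
    if s_dir.lower() != d_dir.lower():
        return None                      # moved, not renamed in place
    if not d_name.lower().startswith(s_name.lower() + "."):
        return None                      # original name+extension not preserved
    suffix = d_name[len(s_name) + 1:]
    if not suffix or "." in suffix:
        return None                      # require exactly one appended extension
    return suffix.lower()


def detect_mass_rename(events, threshold: int = 50):
    """Count appended-extension renames per (pid, suffix); return the pairs that
    reach the threshold as {(pid, suffix): count}."""
    counts = Counter()
    for ev in events:
        suffix = appended_extension(ev.src, ev.dst)
        if suffix is not None:
            counts[(ev.pid, suffix)] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


# Constructed sample telemetry (not from the report): one process appends
# ".locked" to 331 documents, mixed with benign renames from other processes.
RANSOM_PID = 4120
SAMPLE_EVENTS = [
    RenameEvent(RANSOM_PID,
                rf"C:\Users\victim\Documents\report_{i:03d}.docx",
                rf"C:\Users\victim\Documents\report_{i:03d}.docx.locked")
    for i in range(331)
] + [
    # temp file renamed to a new name: not an appended extension
    RenameEvent(812, r"C:\Users\victim\AppData\Local\Temp\~tmp1.tmp",
                r"C:\Users\victim\AppData\Local\Temp\cache.dat"),
    # log rotation appends one suffix, but a single event stays below threshold
    RenameEvent(2400, r"C:\logs\app.log", r"C:\logs\app.log.1"),
    RenameEvent(2400, r"C:\logs\app.log.1", r"C:\logs\app.log.2"),
    # move into a subdirectory: not an in-place rename
    RenameEvent(3000, r"C:\Users\victim\Desktop\notes.txt",
                r"C:\Users\victim\Desktop\old\notes.txt.bak"),
]


def run_demo():
    """Run the heuristic over the constructed events and return the hits."""
    return detect_mass_rename(SAMPLE_EVENTS)


if __name__ == "__main__":
    for (pid, suffix), n in run_demo().items():
        print(f"pid {pid} appended '.{suffix}' to {n} files")
```

Grouping by (pid, suffix) rather than counting every rename keeps ordinary activity such as log rotation or a single backup below the threshold, while the same-directory and single-suffix constraints avoid counting moves and extension replacements.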