General
- Target: 8e864249bb4821e633374d2380bb22ec844be328dd476d62b7684394a3dd7f53
- Size: 104KB
- Sample: 240525-azhmysgg55
- MD5: 0238cbecd6d7dd2f3862916583bf27e3
- SHA1: 9e4a2d779425e96d64d5857bf2854730cbc7f177
- SHA256: 8e864249bb4821e633374d2380bb22ec844be328dd476d62b7684394a3dd7f53
- SHA512: 2490b59c43a42d0ed4a6efe93e754a43fba9108524cc48eef586388b68ff00a5723a94425b9098f25dc6635dfb4969d72f0c21a2e0fd73a322b878c0028d1832
- SSDEEP: 1536:CTWn1++PJHJXA/OsIZfzc3/Q8yiUTWn1++PJHJXA/OsIZfzc3/Q8yi7:KQSoBQSo2
Behavioral task: behavioral1
- Sample: 8e864249bb4821e633374d2380bb22ec844be328dd476d62b7684394a3dd7f53.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 8e864249bb4821e633374d2380bb22ec844be328dd476d62b7684394a3dd7f53.exe
- Resource: win10v2004-20240426-en
Malware Config
Targets
- Target: 8e864249bb4821e633374d2380bb22ec844be328dd476d62b7684394a3dd7f53
- Score: 9/10
- Renames multiple (4364) files with added filename extension. This suggests ransomware activity of encrypting all the files on the system.
- UPX dump on OEP (original entry point)
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory