General
-
Target
1a130d16a9e828cccb6a2135cbd7f1615219979612e0bae67cbe7c9a9606cf51
-
Size
501KB
-
Sample
240529-hhpzpsef45
-
MD5
bf55c921b638ddf41a5120c90fe5f211
-
SHA1
6a96dd8be36381d71eb7dac5f7a053064b546487
-
SHA256
1a130d16a9e828cccb6a2135cbd7f1615219979612e0bae67cbe7c9a9606cf51
-
SHA512
a3d91c51eb3bd59792f6cca32def989b4d069e489dcb74263f5f629fe300f4074b1a7d8a7a64410d7efc992e1d332108147aa0b2611e0777358749d7adfac166
-
SSDEEP
12288:bGlEhiu/o/eXUG8nfBG5K92Qg+fgFfwjUKWXNDtn0lF620D4JNuq6JFcP:bGei/mUNaK9259wjU3dt0lF6264JArJs
Static task
static1
Behavioral task
behavioral1
Sample
1a130d16a9e828cccb6a2135cbd7f1615219979612e0bae67cbe7c9a9606cf51.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
1a130d16a9e828cccb6a2135cbd7f1615219979612e0bae67cbe7c9a9606cf51.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
C:\Program Files (x86)\!nissenvelten!HOW_TO_RESTORE.log
rook
Targets
-
-
Target
1a130d16a9e828cccb6a2135cbd7f1615219979612e0bae67cbe7c9a9606cf51
Score
10/10
-
Renames multiple (7075) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-