General
-
Target
testfile.zip
-
Size
82KB
-
Sample
240601-yqb1tadd6w
-
MD5
bf2cf5d8d355f5e7224ce1ef7162cfff
-
SHA1
4c9a0905e321a3408f57d7185523436b53f10889
-
SHA256
fabd01e17d924cc53a03764de36da2e2091cd5360763c69ca040eafc01cc6ada
-
SHA512
2cf7f20e21390bed7c8d7d17668ac5f056dd6e24eb29461175f4ae21decc556c4c168a8d8e1aacebec2062f79bd9eb587239b124bb0f8388ed696d2cf48a5939
-
SSDEEP
1536:NmUnqaYAawEtSNvuGatKweTm1NJcZdyVapZBvG1UODsk1ngm7LaPLO6TAXUlnu:NFnjoiGn4fu8yGBBUhgm7ePVTAXmu
Static task
static1
Behavioral task
behavioral1
Sample
win.exe
Resource
win11-20240508-en
Malware Config
Extracted
F:\INC-README.txt
http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/
http://incblog7vmuq7rktic73r4ha4j757m3ptym37tyvifzp2roedyyzzxid.onion/
http://incapt.su/
https://twitter.com/hashtag/incransom?f=live
http://incpaykabjqc2mtdxq6c23nqh4x6m5dkps5fr6vgdkgzp5njssx6qkid.onion/
Extracted
F:\INC-README.html
https://twitter.com/hashtag/incransom?f=live</span>
Targets
-
-
Target
win.exe
-
Size
161KB
-
MD5
e402c9df4aab1d1cff83ec8ba11a4bc7
-
SHA1
9b7e46195d23b5efcd9f176c278e7a873138f6f5
-
SHA256
7f104a3dfda3a7fbdd9b910d00b0169328c5d2facc10dc17b4378612ffa82d51
-
SHA512
86f0ecb80a8655f9e4d297ae0eb04644a61b2de210d0ceccd2dbf2498ce68e603f3e659621175785f533ac66d798cf6d947669cc5302c32898999f1241a42295
-
SSDEEP
3072:YduKWsRRjHRvsfdO3Q+rSBPJasYIeuvnaEkZSc5:bYjHiqrrTwWUc5
Score10/10-
Renames multiple (309) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-