Static task
static1
Behavioral task
behavioral1
Sample
5e902a138174c34e5445685c82b2044e0b35565854471aaccef0315c77288dc9.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
5e902a138174c34e5445685c82b2044e0b35565854471aaccef0315c77288dc9.exe
Resource
win10v2004-20240508-en
General
-
Target
5e902a138174c34e5445685c82b2044e0b35565854471aaccef0315c77288dc9.bin
-
Size
208KB
-
MD5
12bc78e07cb69dd6ec32729240dbe537
-
SHA1
7b7d9b115ec10074f7166ec3379fead6e816da59
-
SHA256
5e902a138174c34e5445685c82b2044e0b35565854471aaccef0315c77288dc9
-
SHA512
c974592671b081d0af48c1aab9f9f02243773a081d9fadf70e3caa7454dca657b45bece27852397e74f601df1abdf5db496c821a5df624057355fd15c807e15a
-
SSDEEP
3072:GXbUMNAwQ2Jpo/AkQCUyevi8xRpz81NADJ2:ibUMKwQ2J4ReviSjeKN
Malware Config
Signatures
-
Detects command variations typically used by ransomware 1 IoCs
resource yara_rule sample INDICATOR_SUSPICIOUS_GENRansomware -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5e902a138174c34e5445685c82b2044e0b35565854471aaccef0315c77288dc9.bin
Files
-
5e902a138174c34e5445685c82b2044e0b35565854471aaccef0315c77288dc9.bin.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 202KB - Virtual size: 201KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ