General
Target: 2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.7z
Size: 577KB
Sample: 240724-t3lnkawdjn
MD5: 7cc07197515a7d3a56ebea4c6239d216
SHA1: 1cd02ab0bd86fe78f5c2765020861e46bdf0593b
SHA256: 617a0ef26dacf4c492487684212684360431f39c8e69748ba74dab77109b4a1e
SHA512: 1639c403dee829039c997835776fcabb3fb76f9a8f3f825600ec3a6493729b8fe4a7bc7bdeebae0bfbf401bd62c356c2b5a84777bf8ca45ff2d6751401ac65e8
SSDEEP: 12288:2zhcvYAV9wRl962IKl40FfZGsmLmAt0HqsFOTDuIAXSIMn0CWbnAxc/e:2zhg9w0S40KsmLhqj6gHK0CW7Er
Static task: static1
Behavioral task: behavioral1
Sample: 2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.exe
Resource: win10-20240611-en
Malware Config
Extracted
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\ar-ae\readme.txt
dearcry
Targets
Target: 2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.exe
Size: 1.3MB
MD5: 0e55ead3b8fd305d9a54f78c7b56741a
SHA1: f7b084e581a8dcea450c2652f8058d93797413c3
SHA256: 2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff
SHA512: 5c3d58d1001dce6f2d23f33861e9c7fef766b7fe0a86972e9f1eeb70bfad970b02561da6b6d193cf24bc3c1aaf2a42a950fa6e5dff36386653b8aa725c9abaaa
SSDEEP: 24576:LU5NX2yJOiUXmEICxu2WAP0NIzkQM+KpPRQ9StIUDpl1fpxkHVZgMCS+:L7XP7P9o5QzUtl1fpxkHVZgMC3
- Renames multiple (5822) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.