General
-
Target
2aae8c4c79d6332be6f899936c662326250d402f13b1ef85f930d61d4179e183.exe
-
Size
103KB
-
Sample
240822-lfsvcssdrk
-
MD5
72df7fd0854935ba0b5e07f723589392
-
SHA1
d628cb84d232f83dcd291e43ff079fb481290a7d
-
SHA256
2aae8c4c79d6332be6f899936c662326250d402f13b1ef85f930d61d4179e183
-
SHA512
12dfc847064842207c3b87119145fb50ebd647f9eb6ef997ad47c1f5e451f2f2033635169aed28a8f6288f718fbce56d8a67c2178dd26dc016de52bed2520e67
-
SSDEEP
3072:vomnzVincQDKgcp3bsOW+NMY7sDti0dP0L0nLn:vtZVsyNMYytiFL4j
Static task
static1
Behavioral task
behavioral1
Sample
2aae8c4c79d6332be6f899936c662326250d402f13b1ef85f930d61d4179e183.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
2aae8c4c79d6332be6f899936c662326250d402f13b1ef85f930d61d4179e183.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240729-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\wow64_microsoft-windows-v..lpc-vmsal.resources_31bf3856ad364e35_7.1.7601.17514_es-es_d44d8fd5b93ba0a5\readme-warning.txt
makop
Targets
-
-
Target
2aae8c4c79d6332be6f899936c662326250d402f13b1ef85f930d61d4179e183.exe
-
Size
103KB
-
MD5
72df7fd0854935ba0b5e07f723589392
-
SHA1
d628cb84d232f83dcd291e43ff079fb481290a7d
-
SHA256
2aae8c4c79d6332be6f899936c662326250d402f13b1ef85f930d61d4179e183
-
SHA512
12dfc847064842207c3b87119145fb50ebd647f9eb6ef997ad47c1f5e451f2f2033635169aed28a8f6288f718fbce56d8a67c2178dd26dc016de52bed2520e67
-
SSDEEP
3072:vomnzVincQDKgcp3bsOW+NMY7sDti0dP0L0nLn:vtZVsyNMYytiFL4j
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (8728) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
0063d48afe5a0cdc02833145667b6641
-
SHA1
e7eb614805d183ecb1127c62decb1a6be1b4f7a8
-
SHA256
ac9dfe3b35ea4b8932536ed7406c29a432976b685cc5322f94ef93df920fede7
-
SHA512
71cbbcaeb345e09306e368717ea0503fe8df485be2e95200febc61bcd8ba74fb4211cd263c232f148c0123f6c6f2e3fd4ea20bdecc4070f5208c35c6920240f0
-
SSDEEP
192:qPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4U:F7VpNo8gmOyRsVc4
Score3/10 -