General
-
Target
13916d6b1fddb42f3146b641d37f3a69b491f183146e310aa972dd469e3417bf.zip
-
Size
102KB
-
Sample
240827-npnywazgjp
-
MD5
82391340acd371ab99136320ed132dbf
-
SHA1
e88bf6c24134dc19f4df7f8443a9e31d84c93ce6
-
SHA256
6f640c50c4995890bb6f4243695caed28b7907d244800526fac18747a6766b05
-
SHA512
875b96f8e89b68896e212a295a1963ffd71c69a2ed520ec1b750ad76bab87e343e1a6374a6655f7f4685425ea8c9823651f22bec56b3a7e531fba0fbd03f2351
-
SSDEEP
3072:ziydFuRNC5ShkrmPVfE90wPZhExBErerQwxjq6X9q:zi7RQSLVE90yZhExBolmjP4
Behavioral task
behavioral1
Sample
Document.doc.scr
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
Document.doc.scr
-
Size
194KB
-
MD5
ae811bd6440b425e6777f0ca001a9743
-
SHA1
70902540ead269971e149eaff568fb17d04156af
-
SHA256
86e17aa882c690ede284f3e445439dfe589d8f36e31cbc09d102305499d5c498
-
SHA512
3617d8e77c221525125778cf64f2525136f7958766f5bed0fd7bfe00e7f738017d2840972acc628e4c3471b93cf6d52ccd619f49bdbbcff824c12cac8e1ea88e
-
SSDEEP
3072:a6glyuxE4GsUPnliByocWepiHkZmlkQIQP6fo:a6gDBGpvEByocWeQwLAPm
-
Renames multiple (650) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-