General
Target: windows.zip
Size: 87KB
Sample: 241018-fbt9qs1bpm
MD5: 6cecebc76efd45fcfa7cfbec5f383150
SHA1: aa6808022d241e61c0571b428763d5ad8ca81918
SHA256: f9bb467ddbc18aba13667abe99d2289d7c799c289aae1158e8f7460531bd56b7
SHA512: bb48ae282f51ef2d9361abc99841fac73124a1dd9bf1c8ffec2f44ce0ef40a0191da9ee630a05a82a1856d81a5f9f4bd9b06a8075efa0edaeb38692c1b9f9fd1
SSDEEP: 1536:+EI0PWCSnmVULuvvUGaefV0fRNggB1h0h8rrUdA0laGqMJ+5cA4HYzbP00lh:+pGNQLuvsGaK0ZNgo88rodA0laGqMo5b
Static task: static1
Behavioral task: behavioral1
  Sample: windows.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: windows.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: windows.exe
Size: 165KB
MD5: 31a77e0d1c1b91eebec1f7cdcc1ab8b8
SHA1: 6732c71c51a2ad68771984231f696f6e46708297
SHA256: d5ca3e0e25d768769e4afda209aca1f563768dae79571a38e3070428f8adf031
SHA512: a984d9ca1a618699557e3180f56e73904322ad1f31183b0553b1e4c3ff367a1d036ce9df8025195b87fadb163a67d26d7904ed943aff1860a232d19b3dcc6cd3
SSDEEP: 3072:wDv9ttA6pzarOLgSua/iw6kzgEloCGfq3lBxpN6bF9z1jTJ6NCFWQIZrV08JuuGs:wbloCGYlBxpNAFDMCFWTZrW8NGh0X++j
Score: 9/10
Renames multiple (382) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Drops file in System32 directory
Sets desktop wallpaper using registry