General
Target: ransomware.exe
Size: 28.5MB
Sample: 241031-cgr5saxcmr
MD5: 1043f4a46c1e9a104751e84a6e6e76f8
SHA1: 810f280dd554abc962a55b3531ade973360df8b3
SHA256: 529f38f3397fe281d5a0c1030d474902989f7ca79a7ca1bcab1fcafe27bf6ad4
SHA512: 766158c5a767f8529e8d18fbb1ccc263703b5e48c51e6be8591970e83cf340f9c9ab4d82964457706643abea1544ab52f76b0dbeaa4af5e05a7a719c86b2949a
SSDEEP: 786432:xwgoW8kHhyVmdG+nUU0sc6yL2WEsOd9NZ0YmxEm:27W5hyVQGsOX6yiWUcxE
Behavioral task: behavioral1
Sample: ransomware.exe
Resource: win7-20241010-en

Behavioral task: behavioral2
Sample: ransomware.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: ransomware.exe
Size: 28.5MB
MD5: 1043f4a46c1e9a104751e84a6e6e76f8
SHA1: 810f280dd554abc962a55b3531ade973360df8b3
SHA256: 529f38f3397fe281d5a0c1030d474902989f7ca79a7ca1bcab1fcafe27bf6ad4
SHA512: 766158c5a767f8529e8d18fbb1ccc263703b5e48c51e6be8591970e83cf340f9c9ab4d82964457706643abea1544ab52f76b0dbeaa4af5e05a7a719c86b2949a
SSDEEP: 786432:xwgoW8kHhyVmdG+nUU0sc6yL2WEsOd9NZ0YmxEm:27W5hyVQGsOX6yiWUcxE
- Renames multiple (26025) files with added filename extension
  This suggests ransomware activity: encrypting all the files on the system.
- Drops file in Drivers directory
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
- Drops startup file
- Loads dropped DLL
- Drops file in System32 directory