General
-
Target
efd8732e3f5b8c27e1f2105cdbec40d08da071b5fc28e28933d31af336cd70c1N
-
Size
3.5MB
-
Sample
241106-hdjxwswfjl
-
MD5
ccb4828e7ff72822563feb3eb9114340
-
SHA1
313a06b897687212dba984f99a71601dcc05e422
-
SHA256
efd8732e3f5b8c27e1f2105cdbec40d08da071b5fc28e28933d31af336cd70c1
-
SHA512
7bd5650f33933352b81b5a420aa9666907b8365f38c18616b3c1586e5d405fb8c46fc89d3988a8e6e5b77dfd5dc2f8e1e2962aa3b7c153939af488ec3ceacf06
-
SSDEEP
49152:9NkEaSgO5QH6fFf75PwLKkLJU9nU2foKhA4vSWidGHp+NDGQUzbpDOfjxAkrL:BaZ2/wLK3BDhtvS0Hpe4zbpaAKL
Static task
static1
Behavioral task
behavioral1
Sample
efd8732e3f5b8c27e1f2105cdbec40d08da071b5fc28e28933d31af336cd70c1N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
efd8732e3f5b8c27e1f2105cdbec40d08da071b5fc28e28933d31af336cd70c1N.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Target
efd8732e3f5b8c27e1f2105cdbec40d08da071b5fc28e28933d31af336cd70c1N
Score
9/10
-
Renames multiple (316) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-