General
-
Target
150016___Enc.exe
-
Size
146KB
-
Sample
241111-3tznhaymez
-
MD5
06f96cb31a2b655835130a09387fb401
-
SHA1
bb27f7e6cb3102c017c44a5bf8d86c16641e593b
-
SHA256
f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053
-
SHA512
2caeba7d1404019e2d378abed794b97dd4d14c646c51d6a9950cd6b677afdcf10f7263469f725d23251e11fa0913f5126743c6255d0c32f1583dcbf1c7c13744
-
SSDEEP
1536:jzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xD11h0i9TJmr7kZd9V78ny3OxTIT:8qJogYkcSNm9V7D1pTJmr7ksy4IT
Behavioral task
behavioral1
Sample
150016___Enc.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
150016___Enc.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
C:\xEJOHNVZF.README.txt
https://t.me/AzureShard
Targets
-
-
Target
150016___Enc.exe
-
Size
146KB
-
MD5
06f96cb31a2b655835130a09387fb401
-
SHA1
bb27f7e6cb3102c017c44a5bf8d86c16641e593b
-
SHA256
f4fb0f2ae098850f2a8ffb771ae4c6c8aaa81144fe53228a2c01df2d34307053
-
SHA512
2caeba7d1404019e2d378abed794b97dd4d14c646c51d6a9950cd6b677afdcf10f7263469f725d23251e11fa0913f5126743c6255d0c32f1583dcbf1c7c13744
-
SSDEEP
1536:jzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xD11h0i9TJmr7kZd9V78ny3OxTIT:8qJogYkcSNm9V7D1pTJmr7ksy4IT
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Renames multiple (7757) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-