General
Target
fb8ddcec1987012c4798cbb59e4cfc3a91b1a4937c1b630c84d3194679914474
Size
7.8MB
Sample
241114-e7mdbsvclf
MD5
822b2cb104c5346ae0b4c3b0e74a4fd4
SHA1
f2059bc2f0f6d78530a7f9e0d17f6153f3501773
SHA256
fb8ddcec1987012c4798cbb59e4cfc3a91b1a4937c1b630c84d3194679914474
SHA512
41a5f514bdc75b4eb8ad42f23ac5d530ac72bfbd7ccd7ce09664af1c08c6ae3f33a508fc54c1ad6768b1494fee2dba9a4c69fe3293a4cdb76bbded9df2f26cc0
SSDEEP
49152:91Bu60nMqfFLHyT+a0rNo7IcyO82MzufjWJA6ongaHLvKLA8VgbKW2llxobcJOuw:Oos45gaHrhdw3D7nTsReRR9e
Static task
static1
Behavioral task
behavioral1
Sample
fb8ddcec1987012c4798cbb59e4cfc3a91b1a4937c1b630c84d3194679914474.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
fb8ddcec1987012c4798cbb59e4cfc3a91b1a4937c1b630c84d3194679914474.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Score
9/10

Renames multiple (316) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Drops file in System32 directory