General
-
Target
9ac550187c7c27a52c80e1c61def1d3d5e6dbae0e4eaeacf1a493908ffd3ec7d
-
Size
161KB
-
Sample
241122-1de8tawkbp
-
MD5
2cd3dac4b0d7eadb7746246ea86575fa
-
SHA1
a330bb81a31061b5b06d8610b828b2e5921fd03b
-
SHA256
9ac550187c7c27a52c80e1c61def1d3d5e6dbae0e4eaeacf1a493908ffd3ec7d
-
SHA512
28b27fd7d691f01dd5ac14797f56b93f0850dcfd6f8bc8f5ae024bac941bd1be2a7480fb55e79a3968f884495d31dfaf647244099973734b7873c9d444d02d87
-
SSDEEP
3072:YduKWsRRjHRvsfdO3Q+rSBPJasYIeuvkaEkZSc5:bYjHiqrrTDWUc5
Static task
static1
Behavioral task
behavioral1
Sample
9ac550187c7c27a52c80e1c61def1d3d5e6dbae0e4eaeacf1a493908ffd3ec7d.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
9ac550187c7c27a52c80e1c61def1d3d5e6dbae0e4eaeacf1a493908ffd3ec7d.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\INC-README.html
https://twitter.com/hashtag/incransom?f=live</span>
Extracted
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\INC-README.txt
inc_ransom
http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/
http://incblog7vmuq7rktic73r4ha4j757m3ptym37tyvifzp2roedyyzzxid.onion/
http://incapt.su/
https://twitter.com/hashtag/incransom?f=live
http://incpaykabjqc2mtdxq6c23nqh4x6m5dkps5fr6vgdkgzp5njssx6qkid.onion/
Targets
-
-
Target
9ac550187c7c27a52c80e1c61def1d3d5e6dbae0e4eaeacf1a493908ffd3ec7d
-
Size
161KB
-
MD5
2cd3dac4b0d7eadb7746246ea86575fa
-
SHA1
a330bb81a31061b5b06d8610b828b2e5921fd03b
-
SHA256
9ac550187c7c27a52c80e1c61def1d3d5e6dbae0e4eaeacf1a493908ffd3ec7d
-
SHA512
28b27fd7d691f01dd5ac14797f56b93f0850dcfd6f8bc8f5ae024bac941bd1be2a7480fb55e79a3968f884495d31dfaf647244099973734b7873c9d444d02d87
-
SSDEEP
3072:YduKWsRRjHRvsfdO3Q+rSBPJasYIeuvkaEkZSc5:bYjHiqrrTDWUc5
-
Inc_ransom family
-
Renames multiple (384) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-