General
Target: 2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33
Size: 108KB
Sample: 250115-25d1hayqev
MD5: 662593328e911803af64d886b6ae60eb
SHA1: 43712ea209da9f0ae47a3a5a87fef061a1e74a45
SHA256: 2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33
SHA512: 208c98ed4373ae9523b8081a4c637860c79c6c89ea5595a6bc59ab2a551066d7524bbbe36fb605191526b2cd651a3ad0d85ad2a8326aaa01e1a4d2126ffe652a
SSDEEP: 1536:V7Zf/FAxTWoJJZENTBmRPsdj2hkAeCgI3i0CJS1Il+lM5QOVhFVh6Jb1Jb3rh:fny1tEyyj2yAeCgjJRDFDqrh
Behavioral task: behavioral1
Sample: 2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe
Resource: win10ltsc2021-20250113-en
Malware Config
Targets
- Renames multiple (13556) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
- Drops startup file
- Executes dropped EXE
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores (2)
  Credentials from Web Browsers (1)
  Windows Credential Manager (1)
Unsecured Credentials (1)
  Credentials In Files (1)