General
-
Target
e17bfe60dea579699f67bd70e7e49aba582f5ff2337ca38d78dba650edd5ba3d.exe
-
Size
17KB
-
Sample
250115-s2f61sykfj
-
MD5
0e1cbce00abf322c5e98afb2e6c46998
-
SHA1
6b8da7d766f60543b56c51c71e942a3f61c74cf2
-
SHA256
e17bfe60dea579699f67bd70e7e49aba582f5ff2337ca38d78dba650edd5ba3d
-
SHA512
84a3affe519ee98529d0a83c320457fb575d9dbe39a8ec9b215a2a6cffc0140b3f1bfce85f529632a05d39fac5acaa227ea508661e73d2513ea44a7dfcbbaf0f
-
SSDEEP
384:Rb6E0oXQ0uZ9QuxdMhNLfDLTRFPB31PQQBLRLyEWVdbrlHswr9p:ROG/ujWvXD71F8vlHpr9p
Static task
static1
Behavioral task
behavioral1
Sample
e17bfe60dea579699f67bd70e7e49aba582f5ff2337ca38d78dba650edd5ba3d.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
e17bfe60dea579699f67bd70e7e49aba582f5ff2337ca38d78dba650edd5ba3d.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Renames multiple (283) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Drops startup file
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores: 2
Credentials from Web Browsers: 1
Windows Credential Manager: 1
Unsecured Credentials: 1
Credentials In Files: 1