General
Target: 84715cf1d82e5139d39d8aadb9580ba80393dfa0f63fa14974e4f74a3e69752e.exe
Size: 2.3MB
Sample: 250223-c3mgesvrbk
MD5: 7ffcd536703e1b316251cbf1047ef5f6
SHA1: c9e00a62948da23bf1711dcd92be5923b46e8f06
SHA256: 84715cf1d82e5139d39d8aadb9580ba80393dfa0f63fa14974e4f74a3e69752e
SHA512: 1afe7092c6bca24a18243567d1c3a375db460eedfd793c4c98eb0b3cffc330cc04ba8fb51f781a903b19a40dbc267a7438bf55e9957a1a24b4deed2b4ffba033
SSDEEP: 24576:O2J4athJA6I+Prz+nGXIG1lPzHnhk59yjEGdi04J2ksswOapyCP5WecI:O2qa3ZI+Pv+GXjD25EnewO5CBW
Static task: static1
Behavioral task: behavioral1
  Sample: 84715cf1d82e5139d39d8aadb9580ba80393dfa0f63fa14974e4f74a3e69752e.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 84715cf1d82e5139d39d8aadb9580ba80393dfa0f63fa14974e4f74a3e69752e.exe
  Resource: win10v2004-20250217-en
Malware Config
Targets
Target: 84715cf1d82e5139d39d8aadb9580ba80393dfa0f63fa14974e4f74a3e69752e.exe
- Renames multiple (24519) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Drivers directory
- Boot or Logon Autostart Execution: Print Processors
  Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
- Drops startup file
- Indicator Removal: Clear Windows Event Logs
  Clear Windows Event Logs to hide the activity of an intrusion.
- Drops desktop.ini file(s)
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory