General
Target: xxx.exe
Size: 148KB
Sample: 250424-ry6rtsxpv9
MD5: 396443e02532fb4a5da590188b708548
SHA1: 202307528cfd6cc5d35d3d459f9fbe714ac8937c
SHA256: de96af271bf52bdcecaaf555a711f8a1397ed4b8be0d9c16f483253d29deaf62
SHA512: 4191d5a05f43698e1901a63b5b7bef3a783277835c3005587ebbb768cf70d3d20c298fc6dc000978134346c43e6efb0c1823be66b699fb52c676bc795c2fb62b
SSDEEP: 3072:y6glyuxE4GsUPnliByocWepqvKQoWQqcd:y6gDBGpvEByocWeovK2bcd
Behavioral task: behavioral1
Sample: xxx.exe
Resource: win10v2004-20250314-en

Behavioral task: behavioral2
Sample: xxx.exe
Resource: win11-20250410-en
Malware Config
Extracted (behavioral1): C:\HPvdi8peh.README.txt
Extracted (behavioral2): C:\HPvdi8peh.README.txt
Targets
Target: xxx.exe
Size: 148KB
MD5: 396443e02532fb4a5da590188b708548
SHA1: 202307528cfd6cc5d35d3d459f9fbe714ac8937c
SHA256: de96af271bf52bdcecaaf555a711f8a1397ed4b8be0d9c16f483253d29deaf62
SHA512: 4191d5a05f43698e1901a63b5b7bef3a783277835c3005587ebbb768cf70d3d20c298fc6dc000978134346c43e6efb0c1823be66b699fb52c676bc795c2fb62b
SSDEEP: 3072:y6glyuxE4GsUPnliByocWepqvKQoWQqcd:y6gDBGpvEByocWeovK2bcd
Score: 10/10

Signatures
- Renames multiple (696) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Drops desktop.ini file(s)
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger