General

Target: HEUR-Trojan-Ransom.Win32.Generic-30ccdb8b209993e704303f2771d22d9d7812d8a6c71dc9cb6abdaf46180ddb8d.7z
Size: 386KB
Sample: 250501-2bbchsznw5
MD5: d37ea411d381c4063db96751d2ea8eb1
SHA1: bb44033f2d36fc164c93c496629a255a07f00702
SHA256: 753dcb80e1f2430f2a9cc3abeb242a171adb171b67b573a58ef274e36420a95d
SHA512: ccbe4cb5ece7349d6d662498749b1cebc3dc3c55468e9b71408c0a008ec65133b68635284d70d4c2b69c0c032d9411ca9227412c961dbabbc40c7ccc89535087
SSDEEP: 6144:flOrYUm+tUgHkN4ecPcQ+2OHx4gLw0wxn04xnfN3ioK91mf8Ui11ioLBwt8iNto6:f0rPm+fiwcK0LmxdfNS74f8t11VVUvFp

Static task: static1

Behavioral task: behavioral1
Sample: HEUR-Trojan-Ransom.Win32.Generic-30ccdb8b209993e704303f2771d22d9d7812d8a6c71dc9cb6abdaf46180ddb8d.exe
Resource: win10v2004-20250410-en

Behavioral task: behavioral2
Sample: HEUR-Trojan-Ransom.Win32.Generic-30ccdb8b209993e704303f2771d22d9d7812d8a6c71dc9cb6abdaf46180ddb8d.exe
Resource: win11-20250410-en

Malware Config

Targets

Target: HEUR-Trojan-Ransom.Win32.Generic-30ccdb8b209993e704303f2771d22d9d7812d8a6c71dc9cb6abdaf46180ddb8d.exe
Size: 1.0MB
MD5: dba618b1860f4c2d03fcbddf9f65d760
SHA1: 424092dad83f789c8daa00374f77f2bde5bbde86
SHA256: 30ccdb8b209993e704303f2771d22d9d7812d8a6c71dc9cb6abdaf46180ddb8d
SHA512: 7553ba57e3987eeed2e09f5e8ec4db54f503b44e1352402d3f5a5be8468bac9000946a48e9a4ccb8e9bef7fcb630636a038fdad16103239a1b16478229b1f88a
SSDEEP: 12288:V10Q+GguNGz42sfeMt5Q03QwE6YVTAv7QgW65o9Y+e2zehlWOR1y/KR:X9+Ggusz4RfebccVTc5n50vvo1

Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.

Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.

Creates new service(s)

Stops running service(s)

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v16

Execution
  System Services (2)
    Service Execution (2)
  Windows Management Instrumentation (1)

Defense Evasion
  Direct Volume Access (1)
  Impair Defenses (1)
  Indicator Removal (2)
    File Deletion (2)