General
- Target: LewdFiles.exe
- Size: 201.8MB
- Sample: 250529-26nw4azmw4
- MD5: 0940873dd555dcf23a1e6be0f3330710
- SHA1: 7a2f4f0af5c4f8a86f09868f3700cc92b19beb4a
- SHA256: ad3a01d9216e21c308e0a3253ce568359962ab4dd1e551dd2afc4b1b4f9911f1
- SHA512: a0820f630245e1672422dd35e29ac4cbba9ffb46fc803b549aad27d8f701fbb1209cb71af5a11130755d27818079285035a8bfd26e02002aa2e196b57d3396ee
- SSDEEP: 6291456:7dI929x75xido4bYY736wazwFZMjqYJ3MpTto:7O2TdxixZZazwZMjN3mTt

Static task: static1
Behavioral task: behavioral1
- Sample: LewdFiles.exe
- Resource: win10ltsc2021-20250425-en

Malware Config

Targets
- Target: LewdFiles.exe
- Size: 201.8MB
- MD5: 0940873dd555dcf23a1e6be0f3330710
- SHA1: 7a2f4f0af5c4f8a86f09868f3700cc92b19beb4a
- SHA256: ad3a01d9216e21c308e0a3253ce568359962ab4dd1e551dd2afc4b1b4f9911f1
- SHA512: a0820f630245e1672422dd35e29ac4cbba9ffb46fc803b549aad27d8f701fbb1209cb71af5a11130755d27818079285035a8bfd26e02002aa2e196b57d3396ee
- SSDEEP: 6291456:7dI929x75xido4bYY736wazwFZMjqYJ3MpTto:7O2TdxixZZazwZMjN3mTt

- Renames multiple (4192) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v16
Credential Access
- Credentials from Password Stores: 1
  - Credentials from Web Browsers: 1
- Unsecured Credentials: 1
  - Credentials In Files: 1