02a047ef...f897 | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Ransomware, Wiper, Trojan

Remarks

(0x200001e): The maximum size of extracted files was exceeded. Some files may be missing in the report.

(0x200001d): The maximum number of extracted files was exceeded. Some files may be missing in the report.

(0x200001b): The maximum number of file reputation requests per analysis (150) was exceeded.

Filename Category Type Severity Actions
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\gjfkyfli;.exe Sample File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 249.50 KB
MD5 58077d7b58a6fcca7912e9f346dd8c0f
SHA1 d473f9f1dfcd5b0a84b0642f9fda384b080a712e
SHA256 02a047ef5fda8277f79be9a666af2ca61dd163011c5544a021fe781695dff897
SSDeep 6144:oSwD12dl+qkgSx4TtxyAM3OWkg0IY1C+ztfSy:oSwD1ul+qkgj4u1my
ImpHash 4dd769894247eb7cf74e783d073cf433
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Suspicious
First Seen 2019-10-29 18:22 (UTC+1)
Last Seen 2019-10-29 20:32 (UTC+1)
Names Win32.Trojan.Genkryptik
Families Genkryptik
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x402875
Size Of Code 0xe600
Size Of Initialized Data 0x74e3600
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2018-10-04 10:03:52+00:00
Version Information (2)
InternalName gjfkyfli;.exe
ProductVersion 2.0.6.4
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0xe531 0xe600 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.73
.rdata 0x410000 0x26d02 0x26e00 0xea00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.48
.data 0x437000 0x74b6f00 0x2800 0x35800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 2.11
.rsrc 0x78ee000 0x5128 0x5200 0x38000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.3
.reloc 0x78f4000 0x12d0 0x1400 0x3d200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.39
Imports (3)
KERNEL32.dll (103)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GlobalAlloc 0x0 0x410040 0x3624c 0x34c4c 0x2b3
VirtualFreeEx 0x0 0x410044 0x36250 0x34c50 0x4ed
LoadLibraryW 0x0 0x410048 0x36254 0x34c54 0x33f
_hread 0x0 0x41004c 0x36258 0x34c58 0x535
GetSystemPowerStatus 0x0 0x410050 0x3625c 0x34c5c 0x274
LeaveCriticalSection 0x0 0x410054 0x36260 0x34c60 0x339
GetFileAttributesA 0x0 0x410058 0x36264 0x34c64 0x1e5
GetNamedPipeInfo 0x0 0x41005c 0x36268 0x34c68 0x222
FindNextVolumeW 0x0 0x410060 0x3626c 0x34c6c 0x14a
GetBinaryTypeA 0x0 0x410064 0x36270 0x34c70 0x170
ReadFile 0x0 0x410068 0x36274 0x34c74 0x3c0
CreateFileW 0x0 0x41006c 0x36278 0x34c78 0x8f
CreateActCtxA 0x0 0x410070 0x3627c 0x34c7c 0x77
lstrlenW 0x0 0x410074 0x36280 0x34c80 0x54e
SetConsoleTitleA 0x0 0x410078 0x36284 0x34c84 0x447
FlushInstructionCache 0x0 0x41007c 0x36288 0x34c88 0x158
GetNamedPipeHandleStateW 0x0 0x410080 0x3628c 0x34c8c 0x221
GetDriveTypeA 0x0 0x410084 0x36290 0x34c90 0x1d2
PeekConsoleInputW 0x0 0x410088 0x36294 0x34c94 0x38c
GetLocalTime 0x0 0x41008c 0x36298 0x34c98 0x203
GetAtomNameA 0x0 0x410090 0x3629c 0x34c9c 0x16d
SetThreadPriorityBoost 0x0 0x410094 0x362a0 0x34ca0 0x49a
GetCommMask 0x0 0x410098 0x362a4 0x34ca4 0x181
SetCommMask 0x0 0x41009c 0x362a8 0x34ca8 0x424
GlobalWire 0x0 0x4100a0 0x362ac 0x34cac 0x2c6
GetModuleHandleA 0x0 0x4100a4 0x362b0 0x34cb0 0x215
SetLocaleInfoW 0x0 0x4100a8 0x362b4 0x34cb4 0x478
CompareStringA 0x0 0x4100ac 0x362b8 0x34cb8 0x61
GetCPInfoExA 0x0 0x4100b0 0x362bc 0x34cbc 0x173
DeleteFileW 0x0 0x4100b4 0x362c0 0x34cc0 0xd6
ReadConsoleOutputCharacterW 0x0 0x4100b8 0x362c4 0x34cc4 0x3bc
lstrcpyW 0x0 0x4100bc 0x362c8 0x34cc8 0x548
FlushFileBuffers 0x0 0x4100c0 0x362cc 0x34ccc 0x157
GetStringTypeW 0x0 0x4100c4 0x362d0 0x34cd0 0x269
FormatMessageA 0x0 0x4100c8 0x362d4 0x34cd4 0x15d
OutputDebugStringW 0x0 0x4100cc 0x362d8 0x34cd8 0x38a
SleepEx 0x0 0x4100d0 0x362dc 0x34cdc 0x4b5
SetConsoleActiveScreenBuffer 0x0 0x4100d4 0x362e0 0x34ce0 0x42b
SetMailslotInfo 0x0 0x4100d8 0x362e4 0x34ce4 0x479
VerSetConditionMask 0x0 0x4100dc 0x362e8 0x34ce8 0x4e4
SetConsoleTextAttribute 0x0 0x4100e0 0x362ec 0x34cec 0x446
LoadResource 0x0 0x4100e4 0x362f0 0x34cf0 0x341
GetProfileIntW 0x0 0x4100e8 0x362f4 0x34cf4 0x259
MoveFileExA 0x0 0x4100ec 0x362f8 0x34cf8 0x35f
SetComputerNameExA 0x0 0x4100f0 0x362fc 0x34cfc 0x428
GetLocaleInfoA 0x0 0x4100f4 0x36300 0x34d00 0x204
GetNativeSystemInfo 0x0 0x4100f8 0x36304 0x34d04 0x225
RemoveVectoredExceptionHandler 0x0 0x4100fc 0x36308 0x34d08 0x408
GetProcAddress 0x0 0x410100 0x3630c 0x34d0c 0x245
ExitProcess 0x0 0x410104 0x36310 0x34d10 0x119
EncodePointer 0x0 0x410108 0x36314 0x34d14 0xea
DecodePointer 0x0 0x41010c 0x36318 0x34d18 0xca
GetCommandLineW 0x0 0x410110 0x3631c 0x34d1c 0x187
RaiseException 0x0 0x410114 0x36320 0x34d20 0x3b1
RtlUnwind 0x0 0x410118 0x36324 0x34d24 0x418
IsProcessorFeaturePresent 0x0 0x41011c 0x36328 0x34d28 0x304
IsDebuggerPresent 0x0 0x410120 0x3632c 0x34d2c 0x300
GetLastError 0x0 0x410124 0x36330 0x34d30 0x202
GetModuleHandleExW 0x0 0x410128 0x36334 0x34d34 0x217
MultiByteToWideChar 0x0 0x41012c 0x36338 0x34d38 0x367
WideCharToMultiByte 0x0 0x410130 0x3633c 0x34d3c 0x511
HeapSize 0x0 0x410134 0x36340 0x34d40 0x2d4
HeapFree 0x0 0x410138 0x36344 0x34d44 0x2cf
HeapAlloc 0x0 0x41013c 0x36348 0x34d48 0x2cb
SetLastError 0x0 0x410140 0x3634c 0x34d4c 0x473
GetCurrentThreadId 0x0 0x410144 0x36350 0x34d50 0x1c5
GetProcessHeap 0x0 0x410148 0x36354 0x34d54 0x24a
GetStdHandle 0x0 0x41014c 0x36358 0x34d58 0x264
GetFileType 0x0 0x410150 0x3635c 0x34d5c 0x1f3
DeleteCriticalSection 0x0 0x410154 0x36360 0x34d60 0xd1
GetStartupInfoW 0x0 0x410158 0x36364 0x34d64 0x263
GetModuleFileNameW 0x0 0x41015c 0x36368 0x34d68 0x214
WriteFile 0x0 0x410160 0x3636c 0x34d6c 0x525
QueryPerformanceCounter 0x0 0x410164 0x36370 0x34d70 0x3a7
GetCurrentProcessId 0x0 0x410168 0x36374 0x34d74 0x1c1
GetSystemTimeAsFileTime 0x0 0x41016c 0x36378 0x34d78 0x279
GetEnvironmentStringsW 0x0 0x410170 0x3637c 0x34d7c 0x1da
FreeEnvironmentStringsW 0x0 0x410174 0x36380 0x34d80 0x161
UnhandledExceptionFilter 0x0 0x410178 0x36384 0x34d84 0x4d3
SetUnhandledExceptionFilter 0x0 0x41017c 0x36388 0x34d88 0x4a5
InitializeCriticalSectionAndSpinCount 0x0 0x410180 0x3638c 0x34d8c 0x2e3
Sleep 0x0 0x410184 0x36390 0x34d90 0x4b2
GetCurrentProcess 0x0 0x410188 0x36394 0x34d94 0x1c0
TerminateProcess 0x0 0x41018c 0x36398 0x34d98 0x4c0
TlsAlloc 0x0 0x410190 0x3639c 0x34d9c 0x4c5
TlsGetValue 0x0 0x410194 0x363a0 0x34da0 0x4c7
TlsSetValue 0x0 0x410198 0x363a4 0x34da4 0x4c8
TlsFree 0x0 0x41019c 0x363a8 0x34da8 0x4c6
GetModuleHandleW 0x0 0x4101a0 0x363ac 0x34dac 0x218
EnterCriticalSection 0x0 0x4101a4 0x363b0 0x34db0 0xee
GetConsoleCP 0x0 0x4101a8 0x363b4 0x34db4 0x19a
GetConsoleMode 0x0 0x4101ac 0x363b8 0x34db8 0x1ac
SetFilePointerEx 0x0 0x4101b0 0x363bc 0x34dbc 0x467
IsValidCodePage 0x0 0x4101b4 0x363c0 0x34dc0 0x30a
GetACP 0x0 0x4101b8 0x363c4 0x34dc4 0x168
GetOEMCP 0x0 0x4101bc 0x363c8 0x34dc8 0x237
GetCPInfo 0x0 0x4101c0 0x363cc 0x34dcc 0x172
LoadLibraryExW 0x0 0x4101c4 0x363d0 0x34dd0 0x33e
HeapReAlloc 0x0 0x4101c8 0x363d4 0x34dd4 0x2d2
LCMapStringW 0x0 0x4101cc 0x363d8 0x34dd8 0x32d
SetStdHandle 0x0 0x4101d0 0x363dc 0x34ddc 0x487
WriteConsoleW 0x0 0x4101d4 0x363e0 0x34de0 0x524
CloseHandle 0x0 0x4101d8 0x363e4 0x34de4 0x52
USER32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetMessageExtraInfo 0x0 0x4101e0 0x363ec 0x34dec 0x15a
ADVAPI32.dll (15)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
BackupEventLogW 0x0 0x410000 0x3620c 0x34c0c 0x3b
SetFileSecurityA 0x0 0x410004 0x36210 0x34c10 0x2a9
GetSecurityDescriptorSacl 0x0 0x410008 0x36214 0x34c14 0x14d
AddAce 0x0 0x41000c 0x36218 0x34c18 0x16
InitializeSid 0x0 0x410010 0x3621c 0x34c1c 0x178
RegReplaceKeyA 0x0 0x410014 0x36220 0x34c20 0x271
ObjectCloseAuditAlarmA 0x0 0x410018 0x36224 0x34c24 0x1e9
SetSecurityDescriptorOwner 0x0 0x41001c 0x36228 0x34c28 0x2b8
RegQueryMultipleValuesA 0x0 0x410020 0x3622c 0x34c2c 0x269
GetSecurityDescriptorControl 0x0 0x410024 0x36230 0x34c30 0x147
GetSecurityDescriptorRMControl 0x0 0x410028 0x36234 0x34c34 0x14c
StartServiceCtrlDispatcherW 0x0 0x41002c 0x36238 0x34c38 0x2c8
OpenProcessToken 0x0 0x410030 0x3623c 0x34c3c 0x1f7
OpenServiceA 0x0 0x410034 0x36240 0x34c40 0x1fa
AddAccessDeniedAceEx 0x0 0x410038 0x36244 0x34c44 0x14
Memory Dumps (6)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Points AV YARA Actions
buffer 1 0x07DB67C0 0x07DCE90C Marked Executable - 32-bit 0x07DB67C0 False False
buffer 1 0x00210000 0x00228FFF First Execution - 32-bit 0x00210000 False False
buffer 7 0x07A06948 0x07A1EA94 Marked Executable - 32-bit 0x07A06948 False False
buffer 7 0x00210000 0x00228FFF First Execution - 32-bit 0x00210000 False False
buffer 8 0x07B06AD0 0x07B1EC1C Marked Executable - 32-bit 0x07B06AD0 False False
buffer 8 0x00210000 0x00228FFF First Execution - 32-bit 0x00210000 False False
Local AV Matches (1)
Threat Name Severity
Trojan.GenericKD.32658252
Malicious
C:\BOOTSECT.BAK.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 8.25 KB
MD5 a662a16d199f093b29c20ba5d60fb786
SHA1 9ee1b9feed17e187ca54a56aaac77942223d05ba
SHA256 6ff0366678d7d699f91aacba638cf5ce39ec7c1bc9d1f8a69e2439b9ae24735f
SSDeep 192:npUPKUpEb5phxtL2wpAhhbnfXD3CotfdDdgKFoglY5l1X:p1MU57xt6IqtXrCotIKmgYlJ
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Boot\BOOTSTAT.DAT.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 64.25 KB
MD5 f214b34cef420fb8a53aa0ce0e2c562c Copy to Clipboard
SHA1 73a091db7a1b51f739c167c2fe1dab5fb7144c7d Copy to Clipboard
SHA256 5be0e58fcd64e54c6bcae46c1c9b2307fd9690f59f82bb3d37f698d12d244bfa Copy to Clipboard
SSDeep 768:qb6SeV+P+4OiCd3TZgiKUI589y2HzlBkrrYv+8eks5eQqBSkTEbshlejNQJ4WbGw:LSh+4J8CO9NTlDwUSSlXWWbNVD5nZ Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 1.76 KB
MD5 a17162c9e0a632409ba99db21f4278da Copy to Clipboard
SHA1 a1af3d0ef53022865bc009e0b0fd403f95f82d4e Copy to Clipboard
SHA256 f34709c8f35b219e4b3b81740e76850d9e875872c76e4eda755289bf9aabb5f6 Copy to Clipboard
SSDeep 48:HfTuXIV5+YyJnyuGGMJpdzWbPNMINcG+MwIeFHLeeHu1RFz:QY5+YyJnyuhZlMWwIeFHBHuX Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 1.66 KB
MD5 a296ec832d577c444cbc02bd1a019337 Copy to Clipboard
SHA1 78c3054cc810e6aac5b5748a5ff778d1f29c8e8b Copy to Clipboard
SHA256 0cc619df84d2b9119fab4ce165eb64c5ac52529742a60a8b7a9c4cbd99fa30a0 Copy to Clipboard
SSDeep 48:w9icXW4jiHaYo1ydRIV68gJmzwHh+UILbuMMpj4teeJcu1RFN:T4jiHKsOPkHcUmMV4Jcup Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 2.07 KB
MD5 2a725ccd09126b0e0d43efa6e73ca6c2 Copy to Clipboard
SHA1 af845bde6b44a0b0f1f63ebebef82d86890899f9 Copy to Clipboard
SHA256 e80567feabbea64c5d8443bf67e9ef90a3a240cd67fff2177d37d64b59a172b8 Copy to Clipboard
SSDeep 48:nCu1QeeO3E5T2DemkoEa0NMhRRSCFpoOlrjsPu1RFd:nCu1n3s2DmoEa0NMHRHJlHsPuZ Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 1.66 KB
MD5 bec0a2cea619f68824eb2b86da9a247d Copy to Clipboard
SHA1 c97cda813f2f1b4e4add844f2ef96998db2b567f Copy to Clipboard
SHA256 77202589df6cfbb0d09b0a9b0afc3f99097d27d966b86e1ada57980d6ed4db1b Copy to Clipboard
SSDeep 48:JVT8td88k14JWehAQaFyBgOCrpfD7dOykMNJee4u1RFL:jT8tBk14JWehoFQOrNIykMNH4u/ Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 3.36 KB
MD5 ac7d24178ff61aa3e3b7babe3e2c281a Copy to Clipboard
SHA1 9a2fdbecb5e9199c75dff832dd87d4fe87428203 Copy to Clipboard
SHA256 3b521d976de92895df5aa26aa3dafc8ddebcc680ec3bbd11866b5e6f24cf386a Copy to Clipboard
SSDeep 96:N9Juz4iMNwRmIZwD4DS8Xioe6hRiDqMv7l7X0QZ23iZUPAJt0zWRlur:N90z4/eRhyEu8yt6hyBJbYZP6t0zPr Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 4.33 KB
MD5 b16ac0b963e7672680366b2b1e5c9de3 Copy to Clipboard
SHA1 667b1bd7b4bb6e546938feb51397a363348e13bd Copy to Clipboard
SHA256 f5111605fb02f2124853f26acf6b56f8bc337ef329f2620306fe4453390e3f71 Copy to Clipboard
SSDeep 96:pp2y+Z1Ds202NYdRbZOTQZTOEwyPNH6mJ15DBEpFdsgNuZ:psy0pstZZ8QBO52am/cdMZ Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 2.60 KB
MD5 9dfcfc40ee7dc8ceb236283e0d7629e1 Copy to Clipboard
SHA1 1714092e53d974c3f103751225596011d9a45d2a Copy to Clipboard
SHA256 17bb49cb1e647da7f7ceb7b1a1ec879168c1ea26f4f7a655f80b6c645092724b Copy to Clipboard
SSDeep 48:rFTrbLsDRtqslgR0dUFuIG3TzkPoYzz5NTMKI7/nxysPu1RFd:rtTsDRUslgR0kuZT4PoYxqj7/0sPuZ Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 1.99 KB
MD5 ecf91472a64272409e81b26a6a074974 Copy to Clipboard
SHA1 5a2e5941d4d55a3939b9720002a7542f751f5520 Copy to Clipboard
SHA256 55e06b783ae8b1e36e3bb605b652c87c307df778d23696f8a61bf9646a4a4495 Copy to Clipboard
SSDeep 48:O0QTbKc9BSZsFOdaD8M3iPdWX+7uHIx35jieWxP2FumHeeIzu1RFJ:O3TbKASuFOdaDL8UhafkuNuut Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 1.80 KB
MD5 dd37dec9161a64ca3acb4e586e703da9 Copy to Clipboard
SHA1 f39b27052b555d3f746a014d2e47af3f37ed4a66 Copy to Clipboard
SHA256 27771077eb072784c4482529c20734d74ce118fdb9f80a055823140f5ef2a07d Copy to Clipboard
SSDeep 48:VOQCJN/HkRZXVGrmepTzgTieIY/uODwsHAasLwu1RFd:gJaVsmeR+idY2ODfHAasLwuZ Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 1.66 KB
MD5 7255bec65607e3d854d7f084bdb054e8 Copy to Clipboard
SHA1 b66257105d37e9cdf6a6a63300b3db13b247a45e Copy to Clipboard
SHA256 58235b657d13d42e5c55b2d1ac2c4fe7f692465c0ee81d8691c0aa137c9bf867 Copy to Clipboard
SSDeep 48:KFEsLtCae8iY3i4lnFmgzmrItAmgj7C++7tu1RFd:9sZzkOFmgir6I+7tuZ Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 1.03 KB
MD5 d8bfc768375c29cb9ad6c2a9caf94d19 Copy to Clipboard
SHA1 1afa1277faa43b7db7896bc9a67b16c01f969cd7 Copy to Clipboard
SHA256 715af8bf29629dd465f49226abf53621893c9ba96cc0eff60ea3c41ccd87c0fd Copy to Clipboard
SSDeep 24:pFdP/nY8O2RE57BxIhtR7rkJC8cc7gxvhjlZHZQexiPm9Ou1RFG2X:pFdvY8BREtB+DXNCg5LZHKexiPm4u1Rl Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 5.97 KB
MD5 2756069cd170f84881b3f0da7f7e627e Copy to Clipboard
SHA1 7bab29e732129778ecf974216d6af152f0584d6f Copy to Clipboard
SHA256 93809e45d1a046882036a1f6e99047b0935e0dab39bc849f7a3ee9481ec98ef1 Copy to Clipboard
SSDeep 96:KREpjlu4MPAODSzDRxyUpxLz+32QtmdKF/srZF/pPl5GoVlfT2l+jxuZI/jgsXuZ:kEpjlurzMPyrPwhpC4k6XLg9Z Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 1.55 KB
MD5 3e9950a4403b32ffe422df17d14848d8 Copy to Clipboard
SHA1 d1a323686d34e5661be97dfa23d26161aefbc610 Copy to Clipboard
SHA256 11c456930ed576880689c136ed0bcf1bec208ee31e9183a84a46e0f502bcaa6c Copy to Clipboard
SSDeep 48:C068Njdprz0vibPhi2XQvjGjao53KVRiK2jtARIIu1RFd:CkNjDJPhi/MaUxJt9IuZ Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 2.54 KB
MD5 bd97b5ae56b902ce48a3886992a5e1c6 Copy to Clipboard
SHA1 2af2fb7e53f90ef7202fcce621a17e1e0bc88252 Copy to Clipboard
SHA256 270b1156683f1aade0327a32436aa1a7552ee0a66ea515577c638f313e8231fe Copy to Clipboard
SSDeep 48:EzWrjmtnem9ptS6pfS8owPK2ni7hFsUar81E8QAlcqryEygq4TZTB4eojLI5KhSz:EzQynPgUYw5agX2EVn52j4eojc5KhSBJ Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 1.44 KB
MD5 8a09850ec316e04a0c4e07b40775e698 Copy to Clipboard
SHA1 19a84d0be8c0cd7c6ce0d33ac1039906e43f5e0b Copy to Clipboard
SHA256 b966dd521a4ee405d4ecc1bcf5bdf03ccaf6152aa940d1c00451ef51f0f5a3d5 Copy to Clipboard
SSDeep 24:XDBBMxJhmGXJTF1Omlhn8mThEerAm5+JFuJufmKcVu5EiLaVJIeFee5sOu1RFG2V:XD7MxXP9Fwmlsa+Jvf6YGJIkee5/u1RH Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 2.04 KB
MD5 648d852a507c4e49876b5931a3b32c0f Copy to Clipboard
SHA1 f843770d6d34ed496aeee5d6a177e8daf7a1b7fe Copy to Clipboard
SHA256 1e8e7bf3795bf5bbe6ca7924a048a3c1f248ffce5abb9f487edd44d26e23a412 Copy to Clipboard
SSDeep 48:Ie7KIH2yZDm9f0M7vVRiQsnTqSShuGuna4k6e/hEzssu1RFd:PhZe0M7vviQsTqRAs6e5issuZ Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 1.66 KB
MD5 f65a6f328570284c70fd7241111ca20d Copy to Clipboard
SHA1 28a23bae76bec0eed629aa9003420f57e0cfbeab Copy to Clipboard
SHA256 15b5019b09d4ef3b3d038fd6caf9546271c134dd7e3f262d5c5acbfee914c4fe Copy to Clipboard
SSDeep 48:fDNvyi4XYGNRoilSHZYlaFCO/oNVi66Zv2WXbXu1RFd:bNvyiQYGfoilVaocoNU+qbXuZ Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 1.60 KB
MD5 8fe7a9d24d4de8c21fc7cb7de3f6bb6b Copy to Clipboard
SHA1 5220894e4db5da5d9cdf8f05a53e496c57c379c2 Copy to Clipboard
SHA256 57da84ae7ccdd692e7b742149115981c7f6fef8a6ac7cc7920592f42f11ef4c9 Copy to Clipboard
SSDeep 48:OgihY30s/wAeRn03qtbXSyAT2O2o4awD1eeCu1RFh:OgihYkpA803GXETx4JnCuV Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 1.81 KB
MD5 4057b4b045783f7b008ba76e886e2896 Copy to Clipboard
SHA1 f8c194419d98891ffe2ae2b566dcd53a1a463fb8 Copy to Clipboard
SHA256 3676db166c7cf8b55bc23a7d3cf0e5892f09d2d4034bef4e5e295c890f3f33d6 Copy to Clipboard
SSDeep 48:i8ABHBCOxsKqHk3r70wYIA9jdL6HwVA/Qjh4SOTbdqPOeegu1RFf:IBHBLjr7056HLAN00Pogur Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 2.18 KB
MD5 e8026b70ce902d4d9319093ac7e43681 Copy to Clipboard
SHA1 6fa9c198b296389f38d04d697bf04efd489b43a9 Copy to Clipboard
SHA256 5ae39cc5aa4f24f8f60cf67be899b4df69a7f54b75baaca89eebde285b64b5eb Copy to Clipboard
SSDeep 48:U325hgDTvjXYagd8HUXxYw0JgfG/MZOiebs68u1RFd:f52XPHUXxXar/MZOiOsduZ Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 1.66 KB
MD5 55b1ac1cc029d3d198f05c26e1a1d133 Copy to Clipboard
SHA1 dd06a0fc7234c4f9821792554867155d79c43c6a Copy to Clipboard
SHA256 fe4a2382b9d59952bc40a28b92d2062a15f36ce19bc37ba9ad5c164b13bcc36d Copy to Clipboard
SSDeep 48:6Q7vWpCS7oUTHbxTmPKY+gCKW/T40iOHUkjOYTQeebu1RFf:6Q7vWpCwxZLGW/RUkjOYqbur Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 6.33 KB
MD5 dcaa58b4ec14fbbc0808e58998b1b11c Copy to Clipboard
SHA1 6a7afe5137e6ca38e787f14191ecc7a55c9db8fb Copy to Clipboard
SHA256 bcdc07cd435b0ef042a2b87bb8be23c5c4541cf2dd58ddbfb205188acf048cb3 Copy to Clipboard
SSDeep 192:LyZcjrd+fElemgSjBwR6hWz1j/ibogCQJ3j3Nowxu+Z:BjR+fEleHx6hKpibo3czCwxuU Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 1.14 KB
MD5 44cc8c768885d03a0641354661576350 Copy to Clipboard
SHA1 a444cdcf9c3af490ace6b0a3873e537f2f9104c5 Copy to Clipboard
SHA256 7069afccc44cd93866058da6de45190b303803a208ac54ad62c00819f0295264 Copy to Clipboard
SSDeep 24:gI1S3uGA03fLtWRxVAPNhMffo2DyrvM2Ycx7pBeeE4UEOu1RFG2B:gf3uefLixcNMp2wI/eeE4UXu1RF1 Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 1.65 KB
MD5 6c3f840e195ff84fe40c0af9fe452c17 Copy to Clipboard
SHA1 0ce147bdc872b9ca18272d53706bbde0c93a75bf Copy to Clipboard
SHA256 122c567e176b5e46a6ae94e7bada766906272baa34ac81a1855a55562ec4bd2f Copy to Clipboard
SSDeep 48:31zMHSxqSo1COCskCh6AVdA7cmvmrffsbFu1RFd:3e/SobCskCh6NWs5uZ Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 2.07 KB
MD5 d25bd3d9c175fb38433aca049e10ec3f Copy to Clipboard
SHA1 89f774faff061345cb23c6937915802c89f4549a Copy to Clipboard
SHA256 461fe4ab2eacc4778e2bad5b06e48df0aad90fc87a1c35e6b444505e493f083b Copy to Clipboard
SSDeep 48:UaVwK+H7fxf6xn0iSytuR4QmhBxBfnhyjzGzdQHNL5XuNisGDu1RFd:RKj7F6xn0iSytuR4jPnUjQdLNisWuZ Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 5.67 KB
MD5 daa6c3b28aa5a255f2f48c269905783c Copy to Clipboard
SHA1 4ca15c419e910ae93973907b086e3977db5c0fdf Copy to Clipboard
SHA256 981f28e5de44ab19a8c56bc4950fa380c0abef436b63f886530d568346cc6363 Copy to Clipboard
SSDeep 96:lh7es7rvYPO1hWZN23XAIW2YLCWy983AUEeZrsUpDARkY3UsRZwQ6mWzpJR2Xh4h:j7j7hji1y6EgUCY3UsRmDmW9TO6L8+B Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 1.05 KB
MD5 e22ad0cb1297e9ce88f88175c4ee9199 Copy to Clipboard
SHA1 bdca173964d3d83ca508d1c67ef63e4fd11c2303 Copy to Clipboard
SHA256 bc9f0b782a5d3e9acf9de83fe19ad8aead05420e464353b2a15e8cf1393c1fa4 Copy to Clipboard
SSDeep 24:cF0eeMiA8PV3fkNOjfWRpMm0RveS201TOu1RFG2/:c6eXSpc7S20Qu1RFL Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 26.79 KB
MD5 7c84c54206841447fbd4ae71a260db72 Copy to Clipboard
SHA1 656ded60ebda8bfc21c177382a2afb4af125b04e Copy to Clipboard
SHA256 87b54a0e4248f3cd352c2fd05baa3e0765df1f7c1cdb99694b75ebd4585e55cb Copy to Clipboard
SSDeep 768:kTmFIWA+1xHarwlAaYrMwXvyLt9MQ6kgE6Rj45/Up:pZx6rwlAaYrnynMQJgTrp Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 9.51 KB
MD5 cad5ee0eb3a4645122c05a0295fde958 Copy to Clipboard
SHA1 d7ae411f38f409128cd811211a3260fe8ee16bfd Copy to Clipboard
SHA256 10d0f8074ad367a41480c6d00b42646df37d3c826feadff101882b0ed1ac975d Copy to Clipboard
SSDeep 192:T2qCY7J03OSN2jEFCUB0HKE3kW2pUVA+Y23DeSKjc1WPCJpYX:T2qCYFK2vUB0HXkW2pUVe23DeSKAG6pk Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 9.37 KB
MD5 0f8504b6391018ac44c5381b22eab7ca Copy to Clipboard
SHA1 6af4724b0847719ea9890e629b526eceaecb8053 Copy to Clipboard
SHA256 17f54460b378dd5ff6149fb08e4f7a4733f415ebb83cd059feeb3bd465e28079 Copy to Clipboard
SSDeep 192:qGo9pYoA1OBZZ8NwcpGUjoNT5UBJKxdCF9Dj2oUoR8fypkWSlDqF27pXn32yZ:qt9pc1OBb8NzphjoPUBJc8f2qR8l1Dqi Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 1.56 KB
MD5 132c7bcd93752cc0b3946960795c096e Copy to Clipboard
SHA1 73035f1c1eba2885b18f93599fda37dbbe7c293a Copy to Clipboard
SHA256 dfbd894f77f5111aefe8ee777dbe796e141953b03e78ec7324b86006086f4e27 Copy to Clipboard
SSDeep 24:gtbDCzo+2fhBsGoVOXYUSR8tryeaKZ/Hs7iO9XlnJpC5LQmU2HWSeeTzOOu1RFGO:UbD8pGLoUSqGeFy1nn8Zeetu1RF1 Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
»
Mime Type application/octet-stream
File Size 582.61 KB
MD5 4b42790f6d698f4feed7ba085bad59ba Copy to Clipboard
SHA1 04a978c4a97a102be04d3ef0b3ac519d4efb6810 Copy to Clipboard
SHA256 4c85d4b4b64e761d11eb11932e109c0b21611f1e0e6fa8797c81a06132f702c5 Copy to Clipboard
SSDeep 12288:PVU433jPBC85ZsnbkUY8yBY0Gm7CrSxFB/oXVNsyztGfoNq8uyyDJFo:WWTPbmbr1ZVm79xFBCVNsyowNqVfo Copy to Clipboard
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 582.61 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 65.85 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.47 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.05 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.80 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 4.42 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 6.51 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 16.52 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 4.42 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 16.70 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 20.33 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 14.94 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.27 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.27 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.88 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 8.76 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 4.42 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 30.60 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.56 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.05 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.80 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.76 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.14 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.13 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.65 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.44 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.04 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 69.80 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 5.67 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.05 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 37.04 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.47 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 582.61 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 26.79 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 9.37 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 65.85 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 26.54 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 4.42 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.81 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 3.36 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 4.33 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.18 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.54 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 6.51 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 16.52 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.66 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.60 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.55 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.66 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.66 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.07 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.03 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 16.70 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 30.60 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.66 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.07 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 6.33 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 9.51 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 20.33 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 5.97 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 8.76 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.66 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.99 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 8.94 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.60 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.04 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 11.43 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 38.34 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 8.60 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.80 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.13 MB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 890 bytes
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.85 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 222.21 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 855.24 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 860.74 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 865.24 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.78 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 24.89 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 3.15 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 848.75 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 3.03 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 20.39 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.76 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 32.48 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.37 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 853.75 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 34.34 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 3.63 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 31.32 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.90 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 19.56 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 42.50 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.17 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 32.07 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 29.46 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.57 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 2.23 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Malicious
Mime Type application/octet-stream
File Size 1.49 KB
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
DharmaEncryptedFile File encrypted by Dharma Ransomware Ransomware
5/5
C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 378 bytes
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 3.14 MB
C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 67.85 MB
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 3.14 MB
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 3.15 MB
C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 16.94 MB
C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 10.25 MB
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 14.88 MB
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 2.35 MB
C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 3.48 MB
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 42.53 MB
C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 3.16 MB
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 13.76 MB
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 11.70 MB
C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 20.84 MB
C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 18.75 MB
C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id-9C354B42.[admin@sectex.net].bot Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 3.54 MB