File name: SashaSnider.exe

Full analysis: https://app.any.run/tasks/19e3264f-ce22-4204-be1c-a0208dda013a
Verdict: Malicious activity
Analysis date: December 09, 2018, 08:20:43
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
ransomware
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 24917C74B44A57BD98B3FBB19CE74CF8
SHA1: 9873EBB4F7ED794B9F4CD7D5B7AB11EAFD6B5B2C
SHA256: C438D0595FFC8E5CBB07085AF561964923866C2D940C557C037AE871FAF17A8C
SSDEEP: 6144:2aq9VJCZ0W+KjnZAhIg29uEuZv8TrvcK/OkOOXgdHI4XP57BAhB:vq93CZL+WZx/E8XvvDg9Id

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Writes to a start menu file

      • SashaSnider.exe (PID: 1728)
    • Actions look like stealing of personal data

      • SashaSnider.exe (PID: 1728)
    • Modifies files in Chrome extension folder

      • SashaSnider.exe (PID: 1728)
  • SUSPICIOUS

    • Reads the cookies of Google Chrome

      • SashaSnider.exe (PID: 1728)
    • Changes the desktop background image

      • SashaSnider.exe (PID: 1728)
    • Reads the cookies of Mozilla Firefox

      • SashaSnider.exe (PID: 1728)
    • Creates files like Ransomware instruction

      • SashaSnider.exe (PID: 1728)
    • Writes to a desktop.ini file (may be used to cloak folders)

      • SashaSnider.exe (PID: 1728)
    • Creates files in the user directory

      • SashaSnider.exe (PID: 1728)
  • INFO

    No info indicators.
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ MATRIX in the full report

TRiD

.exe | Win32 Executable Borland Delphi 7 (68.4)
.exe | Win32 Executable Borland Delphi 6 (27)
.exe | Win32 Executable Delphi generic (1.4)
.scr | Windows screen saver (1.3)
.dll | Win32 Dynamic Link Library (generic) (0.6)

EXIF

EXE

Subsystem: Windows GUI
SubsystemVersion: 4