b2dbc0e4ec1be3a0ccf1e416032b2a28da7756ada51bfdb5b276742432ec53ab | Triage

Analysis

max time kernel
147s
max time network
23s
platform
windows7_x64
resource
win7v200722
submitted
03/09/2020, 19:08

Sharing

Report Analysis Logs

General

Target

Ranesomware_protected.bin.exe
Size

2.0MB
MD5

dc7018f6363337ca3f0bd43894ce6aa0
SHA1

72a3073a260bc768ffa1c22b447e0ba4a10a1f10
SHA256

70733389c89b4358f04575226a8ce60c4511018c98731a2ff7f556c29447e4a4
SHA512

50c8b2bbcea81f231ba8e6ae03360e7ee6555fc94ea27dbbeece74b4d516d030b7c37d05b9338910d558397707dab502bccb13bc4a538fc8a254576c69f33c07

Score

8^/10

ransomware

Malware Config

Signatures

Modifies extensions of user files 1 IoCs

Ransomware generally changes the extension on encrypted files.

description	ioc	Process
File renamed	C:\Users\Admin\Pictures\EditRepair.png => C:\Users\Admin\Pictures\EditRepair.png.aes	Ranesomware_protected.bin.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 14 IoCs

pid	Process
992	Ranesomware_protected.bin.exe
992	Ranesomware_protected.bin.exe
992	Ranesomware_protected.bin.exe
992	Ranesomware_protected.bin.exe
992	Ranesomware_protected.bin.exe
992	Ranesomware_protected.bin.exe
992	Ranesomware_protected.bin.exe
992	Ranesomware_protected.bin.exe
992	Ranesomware_protected.bin.exe
992	Ranesomware_protected.bin.exe
992	Ranesomware_protected.bin.exe
992	Ranesomware_protected.bin.exe
992	Ranesomware_protected.bin.exe
992	Ranesomware_protected.bin.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
992	Ranesomware_protected.bin.exe

C:\Users\Admin\AppData\Local\Temp\Ranesomware_protected.bin.exe
"C:\Users\Admin\AppData\Local\Temp\Ranesomware_protected.bin.exe"
1⤵
- Modifies extensions of user files
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/992-0-0x0000000002BD0000-0x0000000002BE1000-memory.dmp

Filesize
68KB

Download