Analysis
-
max time kernel
27s -
max time network
17s -
platform
windows7_x64 -
resource
win7 -
submitted
13-09-2020 07:17
General
-
Target
32Bit.bin.exe
Score
10/10
Malware Config
Extracted
Path
C:\Users\Admin\Desktop\!! YOUR FILES HAS BEEN ENCRYPTED !!.txt
Family
crypt32
Ransom Note
Your files has been encrypted by ransomware!
and You can't decrypt with money.
Please install heroes of the storm to decrypt your files.
Attention: DO NOT TURN OFF YOUR PC! IF YOU TURNED OFF YOUR PC, YOU WON'T ABLE TO DECRYPT YOUR FILES!
Emergency contact: [email protected]
Warning - Any attmpt of decryption file will delete your private key.
당신의 파일들은 랜섬웨어에 의해 암호화되었습니다.
그리고 돈을 줘도 풀 수 없습니다.
히어로즈 오브 더 스톰을 설치해서 파일들을 복호화하세요.
경고: PC를 끄지 마세요! PC를 끄면 파일을 복원할 수 없습니다!
긴급 연락 이메일: [email protected]
경고: 복호화를 시도하면 파일들은 절대 다시 풀 수 없습니다.
Emails
Signatures
-
Crypt32 Ransomware
Javascript Fan-extortionist malware which demands victims install Heroes of the Storm instead of a monetary ransom. Uses Crypto-JS library for encryption.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 4 IoCs
-
Drops desktop.ini file(s) 1 IoCs
-
JavaScript code in executable 6 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\32Bit.bin.exe"C:\Users\Admin\AppData\Local\Temp\32Bit.bin.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\node.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX0\node.exe" encrypt_ransom2⤵
- Executes dropped EXE
- Drops desktop.ini file(s)
- Suspicious behavior: EnumeratesProcesses
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB