bbc71c57a9b781e7c2a6472e86f25fb088c916879cebfcc4d08bef9e7e04555a

General

Target

DogeCrypt.exe
Size

336KB
MD5

016dd707baf9509b8a83234dded5712c
SHA1

310f48e03fc9d6d098eff496a9b4de0ff29c9c39
SHA256

bbc71c57a9b781e7c2a6472e86f25fb088c916879cebfcc4d08bef9e7e04555a
SHA512

afe9548b59cfe2d879aad107a238da85ab1dd514b9c92dc6ff51dd0654dfa08890645104591d0bab280ba3d6efc50e608cc0d57bd7c56dae0d2af745eaa907e4

Score

8^/10

ransomware

Malware Config

Signatures

Modifies extensions of user files 1 IoCs
Ransomware generally changes the extension on encrypted files.
ransomware

Processes:

DogeCrypt.exe

description ioc process

File opened for modification C:\Users\Admin\Pictures\InstallRedo.tiff DogeCrypt.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Pictures\InstallRedo.tiff	DogeCrypt.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

DogeCrypt.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Control Panel\Desktop\Wallpaper = "C:\\DOGECRYPTinfo.jpg"	DogeCrypt.exe

Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

NOTEPAD.EXE

pid process

832 NOTEPAD.EXE

pid	process
832	NOTEPAD.EXE

C:\Users\Admin\AppData\Local\Temp\DogeCrypt.exe
"C:\Users\Admin\AppData\Local\Temp\DogeCrypt.exe"
1⤵
- Modifies extensions of user files
- Sets desktop wallpaper using registry
PID:672

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Public\Desktop\note.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:832

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

1

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\AddBlock.mid.[dogeremembersss@protonmail.ch].DogeCrypt

Download Submit
C:\Users\Admin\Desktop\AddStart.3g2.[dogeremembersss@protonmail.ch].DogeCrypt

Download Submit
C:\Users\Admin\Desktop\BackupPublish.MTS

Download Submit
C:\Users\Admin\Desktop\ConnectAdd.otf

Download Submit
C:\Users\Admin\Desktop\ConnectUnpublish.dll

Download Submit
C:\Users\Admin\Desktop\DisableComplete.3gp2

Download Submit
C:\Users\Admin\Desktop\DisconnectSearch.M2T

Download Submit
C:\Users\Admin\Desktop\GetSwitch.avi.[dogeremembersss@protonmail.ch].DogeCrypt

Download Submit
C:\Users\Admin\Desktop\GrantApprove.mhtml

Download Submit
C:\Users\Admin\Desktop\MoveConnect.cmd.[dogeremembersss@protonmail.ch].DogeCrypt

Download Submit
C:\Users\Admin\Desktop\OutUpdate.M2T

Download Submit
C:\Users\Admin\Desktop\PopProtect.txt.[dogeremembersss@protonmail.ch].DogeCrypt

Download Submit
C:\Users\Admin\Desktop\RegisterGrant.jpeg.[dogeremembersss@protonmail.ch].DogeCrypt

Download Submit
C:\Users\Admin\Desktop\RemoveExport.mht

Download Submit
C:\Users\Admin\Desktop\RepairShow.mov.[dogeremembersss@protonmail.ch].DogeCrypt

Download Submit
C:\Users\Admin\Desktop\RequestCheckpoint.snd

Download Submit
C:\Users\Admin\Desktop\SaveAdd.wmv.[dogeremembersss@protonmail.ch].DogeCrypt

Download Submit
C:\Users\Admin\Desktop\ShowMeasure.dib

Download Submit
C:\Users\Admin\Desktop\SkipPush.001

Download Submit
C:\Users\Admin\Desktop\SplitGet.vstm

Download Submit
C:\Users\Admin\Desktop\SplitSet.pot.[dogeremembersss@protonmail.ch].DogeCrypt

Download Submit
C:\Users\Admin\Desktop\TraceSync.WTV

Download Submit
C:\Users\Admin\Desktop\UndoRegister.ppsm.[dogeremembersss@protonmail.ch].DogeCrypt

Download Submit
C:\Users\Admin\Desktop\UnprotectCompress.vstm

Download Submit
C:\Users\Admin\Desktop\UnpublishAdd.csv.[dogeremembersss@protonmail.ch].DogeCrypt

Download Submit
C:\Users\Admin\Desktop\WatchGrant.gif.[dogeremembersss@protonmail.ch].DogeCrypt

Download Submit
C:\Users\Public\Desktop\note.txt

Download Submit
memory/2044-1-0x000007FEF7AF0000-0x000007FEF7D6A000-memory.dmp

Filesize
2.5MB

Download

Analysis

Sharing