Analysis
-
max time kernel
61s -
max time network
16s -
platform
windows7_x64 -
resource
win7 -
submitted
17-09-2020 02:12
General
-
Target
DogeCrypt.exe
-
Size
336KB
-
MD5
016dd707baf9509b8a83234dded5712c
-
SHA1
310f48e03fc9d6d098eff496a9b4de0ff29c9c39
-
SHA256
bbc71c57a9b781e7c2a6472e86f25fb088c916879cebfcc4d08bef9e7e04555a
-
SHA512
afe9548b59cfe2d879aad107a238da85ab1dd514b9c92dc6ff51dd0654dfa08890645104591d0bab280ba3d6efc50e608cc0d57bd7c56dae0d2af745eaa907e4
Score
10/10
Malware Config
Extracted
Path
C:\Users\Public\Desktop\note.txt
Family
dogecrypt
Ransom Note
WARNING!
Your files were encrypted by DogeCrypt.
The files are not damaged or destroyed! They're only modified
If you want to reverse the modification conatact us:
[email protected]
or
[email protected]
Signatures
-
DogeCrypt Ransomware
Family first seen in September 2020, based on the older desuCrypt/InsaneCrypt.
-
Modifies extensions of user files 2 IoCs
Ransomware generally changes the extension on encrypted files.
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Modifies registry class 2 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\DogeCrypt.exe"C:\Users\Admin\AppData\Local\Temp\DogeCrypt.exe"1⤵
- Modifies extensions of user files
- Sets desktop wallpaper using registry
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\desucryptKeyContainer.info1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\desucryptKeyContainer.info2⤵
- Opens file in notepad (likely ransom note)
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.5MB