Analysis

  • max time kernel: 6s
  • max time network: 124s
  • platform: windows10_x64
  • resource: win10
  • submitted: 28-09-2020 10:41

General

  • Target: 8181c98ed221d00c89712ea50d37179dc633b9e04bfc2aca1b7df26fd3db1f4e.bin.exe
  • Size: 18KB
  • MD5: 849ffabdc4a5e8da2ca654f614b01c56
  • SHA1: 791730d1deeb38d4fc93529c7ad9da06d060edd8
  • SHA256: 8181c98ed221d00c89712ea50d37179dc633b9e04bfc2aca1b7df26fd3db1f4e
  • SHA512: 2df86fb79f463252c794fa757a7a95d2c25ee5911c018e9ce50545669e93361e7216edabaa0880419a851405b4dab3fafab0d72f0196ae3f98ec26c9676fd85e

Score
10/10

Malware Config

Extracted

  • Path: C:\Users\Admin\Desktop\!#!READ-ME!#!.txt
  • Family: dusk
  • Ransom Note:

    [ASCII-art banner spelling "DUSK"]
    ------------------------------
    Dusk v1.0
    YOUR FILES ARE ENCRYPTED!
    ------------------------------
    If you want to recover them follow these steps:
    1. Send $50 to this address: BTC: 1EiGoumJiBNJszEzTzasmQhCVaEYDDEbuo
    2. Send email to: cyber.duskfly@protonmail.com
    3. Enjoy!
    ------------------------------
    Do not waste your time trying recover your files using third party services! Only we can do that

  • Emails: cyber.duskfly@protonmail.com
  • Wallets: 1EiGoumJiBNJszEzTzasmQhCVaEYDDEbuo
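The "Emails" and "Wallets" entries above are what the sandbox's config extractor pulled out of the dropped ransom note. The following Python script is an added example, not the sandbox's own extractor, that reproduces that step on the note text quoted on this page (line breaks restored, banner omitted): it pulls the family/version string, the ransom amount, e-mail addresses and legacy Bitcoin address candidates, and runs each address through the standard Base58Check checksum (version byte + 20-byte hash, 4-byte double-SHA256 trailer) so that a truncated or mis-OCR'd wallet string is flagged rather than published as an IOC. The regexes, the `extract_config` output layout and the use of the Bitcoin genesis address as a self-test vector are this example's own choices.

```python
import hashlib
import re

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Ransom note text as reported in the sandbox's "Malware Config" section
# (line breaks restored; the ASCII-art banner is omitted here).
NOTE = """------------------------------
Dusk v1.0
YOUR FILES ARE ENCRYPTED!
------------------------------
If you want to recover them follow these steps:
1. Send $50 to this address: BTC: 1EiGoumJiBNJszEzTzasmQhCVaEYDDEbuo
2. Send email to: cyber.duskfly@protonmail.com
3. Enjoy!
------------------------------
Do not waste your time trying recover your files using third party services! Only we can do that
"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Legacy (P2PKH/P2SH) Bitcoin addresses: prefix 1 or 3, Base58 alphabet, 26-35 chars total.
BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
# Family banner as it appears in this note ("Dusk v1.0"); assumption for this example.
VERSION_RE = re.compile(r"\b(Dusk)\s+v(\d+(?:\.\d+)*)\b")
AMOUNT_RE = re.compile(r"\$\s?(\d+(?:\.\d+)?)")


def b58decode(s: str) -> bytes:
    """Decode a Base58 string; each leading '1' stands for one leading zero byte."""
    n = 0
    for ch in s:
        n = n * 58 + B58_ALPHABET.index(ch)  # ValueError on a non-alphabet character
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(s) - len(s.lstrip("1"))
    return b"\x00" * pad + body


def is_valid_btc_address(addr: str) -> bool:
    """Base58Check: 25 bytes, trailing 4 == first 4 bytes of sha256(sha256(payload))."""
    try:
        raw = b58decode(addr)
    except ValueError:
        return False
    if len(raw) != 25:
        return False
    payload, checksum = raw[:21], raw[21:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum


def extract_config(note: str) -> dict:
    """Pull the IOCs a sandbox config extractor would report from a ransom note."""
    ver = VERSION_RE.search(note)
    amt = AMOUNT_RE.search(note)
    wallets = [
        {"address": cand, "checksum_ok": is_valid_btc_address(cand)}
        for cand in dict.fromkeys(BTC_RE.findall(note))  # de-duplicate, keep order
    ]
    return {
        "family": ver.group(1).lower() if ver else None,
        "version": ver.group(2) if ver else None,
        "ransom_usd": float(amt.group(1)) if amt else None,
        "emails": sorted(set(EMAIL_RE.findall(note))),
        "wallets": wallets,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(extract_config(NOTE), indent=2))
```

A passing checksum only shows the wallet string was captured intact from the sample; it says nothing about who controls the address. Bech32 (`bc1...`) addresses use a different encoding and are not covered by `BTC_RE`.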

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\8181c98ed221d00c89712ea50d37179dc633b9e04bfc2aca1b7df26fd3db1f4e.bin.exe (PID 3104)
    Command line: "C:\Users\Admin\AppData\Local\Temp\8181c98ed221d00c89712ea50d37179dc633b9e04bfc2aca1b7df26fd3db1f4e.bin.exe"

Network

MITRE ATT&CK Matrix


Downloads

  • memory/3104-0-0x00007FFA23F00000-0x00007FFA248EC000-memory.dmp (Filesize: 9MB)
  • memory/3104-1-0x0000000000700000-0x0000000000701000-memory.dmp (Filesize: 4KB)