Analysis
max time kernel: 149s
max time network: 152s
platform: windows10_x64
resource: win10
submitted: 08-10-2020 15:06
Static task: static1
Behavioral task: behavioral1
Sample: ef03ec9954d9643d8d65afc0ace38dae463f1a626584455245f1f733b4991f4a.exe
Resource: win7v200722 (windows7_x64)
0 signatures, 0 seconds
Behavioral task: behavioral2
Sample: ef03ec9954d9643d8d65afc0ace38dae463f1a626584455245f1f733b4991f4a.exe
Resource: win10 (windows10_x64)
0 signatures, 0 seconds
General
Target: ef03ec9954d9643d8d65afc0ace38dae463f1a626584455245f1f733b4991f4a.exe
Size: 1.2MB
MD5: 0e527383dc50b48d63183e1176c4d79e
SHA1: c1437130dd774db14dd16c45771e7e1a484d5ee5
SHA256: ef03ec9954d9643d8d65afc0ace38dae463f1a626584455245f1f733b4991f4a
SHA512: 58a3edde62268c34b2577530b520559c8c8f4f085210703c59c75442b9162e396ea38973302afc3e54d6d546ccd7b246650b4e9aef137d7b7787ab3354aec457
Malware Config
Signatures
Matrix Ransomware (64 IoCs)
Targeted ransomware with information collection and encryption functionality.
Processes: ef03ec9954d9643d8d65afc0ace38dae463f1a626584455245f1f733b4991f4a.exe
description | flow | ioc | Process
File created | | C:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\!BWNG_INFO!.rtf | ef03ec9954d9643d8d65afc0ace38dae463f1a626584455245f1f733b4991f4a.exe
File created | | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-il\!BWNG_INFO!.rtf | ef03ec9954d9643d8d65afc0ace38dae463f1a626584455245f1f733b4991f4a.exe
File created | | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\sv-se\!BWNG_INFO!.rtf | ef03ec9954d9643d8d65afc0ace38dae463f1a626584455245f1f733b4991f4a.exe
File created | | C:\Users\Public\Libraries\!BWNG_INFO!.rtf | ef03ec9954d9643d8d65afc0ace38dae463f1a626584455245f1f733b4991f4a.exe
File created | | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\en-il\!BWNG_INFO!.rtf | ef03ec9954d9643d8d65afc0ace38dae463f1a626584455245f1f733b4991f4a.exe
File created | | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ja-jp\!BWNG_INFO!.rtf | ef03ec9954d9643d8d65afc0ace38dae463f1a626584455245f1f733b4991f4a.exe
HTTP URL | 29 | http://ghb.timerz.org/addrecord.php?apikey=BWNG_api_key&compuser=GOHCSFBB|Admin&sid=ujcQuPALLpO9BXQm&phase=[ALL]0F56F5E69B9240B0 |