076a432d5448cb7d5f7c235a77b4535b6e90ae56abc3c13e2c3c7815bab40898

General

Target

Cyborg Builder Ransomware V 1.0.exe
Size

2.5MB
MD5

5ad1631fe97a0345cbccf8802468fa7a
SHA1

8599c32e71d39bbd89b7fcae419fdf4619a6d2f3
SHA256

7f5efdf9e9273ed21f90bb095a34140e70d6f38d074c3f0aebfa2e919d4a82cc
SHA512

2acd63d433d33d5a98710da732cddc873655f97848fa4f9672632f956f14e594da96a0e63af39fcf948cc078eb44ea26e424af6eabb771c4acdb97e4f7150814

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

Processes:

Cyborg Builder Ransomware V 1.0.exe

description	ioc	process
File opened for modification	\??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico	Cyborg Builder Ransomware V 1.0.exe

Modifies registry class 20 IoCs

Processes:

Cyborg Builder Ransomware V 1.0.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Cyborg Builder Ransomware V 1.0.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f4225481e03947bc34db131e946b44c8dd50000	Cyborg Builder Ransomware V 1.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	Cyborg Builder Ransomware V 1.0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\TV_FolderType = "{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}"	Cyborg Builder Ransomware V 1.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags	Cyborg Builder Ransomware V 1.0.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\TV_TopViewVersion = "0"	Cyborg Builder Ransomware V 1.0.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 9e0000001a00eebbfe23000010007db10d7bd29c934a973346cc89022e7c00002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020002a0000000000efbe7e47b3fbe4c93b4ba2bad3f5d3cd46f98207ba827a5b6945b5d7ec83085f08cc20002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020000000	Cyborg Builder Ransomware V 1.0.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	Cyborg Builder Ransomware V 1.0.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	Cyborg Builder Ransomware V 1.0.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	Cyborg Builder Ransomware V 1.0.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	Cyborg Builder Ransomware V 1.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell	Cyborg Builder Ransomware V 1.0.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	Cyborg Builder Ransomware V 1.0.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Cyborg Builder Ransomware V 1.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	Cyborg Builder Ransomware V 1.0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\TV_TopViewID = "{82BA0782-5B7A-4569-B5D7-EC83085F08CC}"	Cyborg Builder Ransomware V 1.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_Classes\Local Settings	Cyborg Builder Ransomware V 1.0.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	Cyborg Builder Ransomware V 1.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Cyborg Builder Ransomware V 1.0.exe
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Cyborg Builder Ransomware V 1.0.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

Cyborg Builder Ransomware V 1.0.exe

pid process

1992 Cyborg Builder Ransomware V 1.0.exe

pid	process
1992	Cyborg Builder Ransomware V 1.0.exe

C:\Users\Admin\AppData\Local\Temp\Cyborg Builder Ransomware V 1.0.exe
"C:\Users\Admin\AppData\Local\Temp\Cyborg Builder Ransomware V 1.0.exe"
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1992

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1992-109-0x0000000008740000-0x0000000008741000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads