e858c09b00ed06ba71a17f4791b6264ab9cfac3dcc9d61df10f9b2a1e7b072e4

Analysis

max time kernel
34s
max time network
20s
platform
windows7_x64
resource
win7v20201028
submitted
15/02/2021, 13:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Word document.exe
Size

860KB
MD5

a1b86218cd460f7ec63bb0e8e97cacaf
SHA1

2ced2422fa7d1bd36edb411d4881d0488d0ac71c
SHA256

e858c09b00ed06ba71a17f4791b6264ab9cfac3dcc9d61df10f9b2a1e7b072e4
SHA512

e467adac35d38b69d9a48f1cedb98b249c96c2412f9efd00bef6e680f3494d3c46c8ad83ab0e17462f2056cf91fd32e7707d1b4d4736aa515229359b115767c2

Score

10^/10

persistence ransomware

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\Artemon.txt

Ransom Note

Hello! You victim on ARTEMON RANSOMWARE! your files encrypted For decryption, you must send us 0.001 BTC For decryption, you must send us 0.001 BTC For decryption, you must send us 0.001 BTC For decryption, you must send us 0.001 BTC Adress BTC: 36bUzEo3hksCZfQ4GTCogZnWc5ZTTtv3MD Your key that you should send to us: eycfs-50dsY-YiVip-GoP00X Your key that you should send to us: eycfs-50dsY-YiVip-GoP00X Your key that you should send to us: eycfs-50dsY-YiVip-GoP00X Within 1-2 days, we will send you a password and instructions for decryption. Copyring 2020-2021

Wallets

36bUzEo3hksCZfQ4GTCogZnWc5ZTTtv3MD

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\Run\HelloApp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Word document.exe"	Word document.exe

C:\Users\Admin\AppData\Local\Temp\Word document.exe
"C:\Users\Admin\AppData\Local\Temp\Word document.exe"
1⤵
- Adds Run key to start application
PID:1340

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1340-2-0x0000000074480000-0x0000000074B6E000-memory.dmp

Filesize
6.9MB

Download
memory/1340-3-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/1340-5-0x00000000043A0000-0x00000000043A1000-memory.dmp

Filesize
4KB

Download
memory/1340-6-0x00000000043A5000-0x00000000043B6000-memory.dmp

Filesize
68KB

Download