4ad3332742b46d2a60a21ca009941fd85a3e58cd635df5a1c3ed0888061a1fda

Resubmissions

12/03/2021, 08:12

210312-pn455svld2 6

12/03/2021, 08:08

210312-qlkwxgey26 6

Analysis

max time kernel
13s
max time network
70s
platform
windows10_x64
resource
win10v20201028
submitted
12/03/2021, 08:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ransomw.exe
Size

2.5MB
MD5

8243dc32479532fcb82669da4b81a9d1
SHA1

3580a4719ded43c0bbc40d2e26abc0868811a03f
SHA256

4ad3332742b46d2a60a21ca009941fd85a3e58cd635df5a1c3ed0888061a1fda
SHA512

8a88c38f4507e64b4cfe6d13c7e4e98ad86dc15df9051badc5fb283f1a24f4549c0c14055a3d42a59f31b8d5da074cc3f8356acce9683190dd4a95fe7ae0da4d

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 26 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	ransomw.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	ransomw.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	ransomw.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	ransomw.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	ransomw.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	ransomw.exe
File created	C:\Users\Admin\AppData\Local\Temp\desktop.ini	ransomw.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	ransomw.exe
File opened for modification	C:\Users\Public\desktop.ini	ransomw.exe
File opened for modification	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	ransomw.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	ransomw.exe
File opened for modification	C:\Users\Public\AccountPictures\desktop.ini	ransomw.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	ransomw.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	ransomw.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	ransomw.exe
File opened for modification	C:\Users\Admin\OneDrive\desktop.ini	ransomw.exe
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	ransomw.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	ransomw.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	ransomw.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	ransomw.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\desktop.ini	ransomw.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	ransomw.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	ransomw.exe
File opened for modification	C:\Users\Public\Downloads\desktop.ini	ransomw.exe
File opened for modification	C:\Users\Public\Libraries\desktop.ini	ransomw.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	ransomw.exe

C:\Users\Admin\AppData\Local\Temp\ransomw.exe
"C:\Users\Admin\AppData\Local\Temp\ransomw.exe"
1⤵
- Drops desktop.ini file(s)
PID:896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/896-2-0x0000000001240000-0x00000000014DD000-memory.dmp

Filesize
2.6MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads