9cfd14ceebe074375e7c04a86b80fc15b35d73294cf54d3f0aae11351702adf4 | Triage

Analysis

max time kernel
3s
max time network
10s
platform
windows7_x64
resource
win7v20210410
submitted
06-05-2021 01:30

Sharing

Report Analysis Logs

General

Target

ransomware.bin.exe
Size

1.9MB
MD5

ba5921707560d9ae819b2f9de9443a7d
SHA1

9ae2e981ef53e2f0cec54a30a6a75ac40ed8c592
SHA256

9cfd14ceebe074375e7c04a86b80fc15b35d73294cf54d3f0aae11351702adf4
SHA512

e6f4055c77c8329cb9fac4a78c9852aa0c6f404a3c878a75321b15e560f6faef3a0ca235836103fbff83e1558267535759a3bce6bee42f98265df5b512dee9ea

Score

8^/10

ransomware

Malware Config

Signatures

Modifies extensions of user files 7 IoCs

Ransomware generally changes the extension on encrypted files.

Processes:

ransomware.bin.exe

description	ioc	process
File created	C:\Users\Admin\Pictures\ConvertResolve.crw.AmaltheaEnc	ransomware.bin.exe
File created	C:\Users\Admin\Pictures\ExportUnpublish.raw.AmaltheaEnc	ransomware.bin.exe
File created	C:\Users\Admin\Pictures\InstallComplete.png.AmaltheaEnc	ransomware.bin.exe
File created	C:\Users\Admin\Pictures\SaveOptimize.crw.AmaltheaEnc	ransomware.bin.exe
File created	C:\Users\Admin\Pictures\WatchRename.raw.AmaltheaEnc	ransomware.bin.exe
File created	C:\Users\Admin\Pictures\WriteRename.png.AmaltheaEnc	ransomware.bin.exe
File created	C:\Users\Admin\Pictures\CloseWatch.crw.AmaltheaEnc	ransomware.bin.exe

C:\Users\Admin\AppData\Local\Temp\ransomware.bin.exe
"C:\Users\Admin\AppData\Local\Temp\ransomware.bin.exe"
1⤵
- Modifies extensions of user files
PID:1616

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...