Analysis
max time kernel
3s
max time network
10s
platform
windows7_x64
resource
win7v20210410
submitted
06-05-2021 01:30
Static task
static1
Behavioral task
behavioral1
Sample
ransomware.bin.exe
Resource
win7v20210410
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
ransomware.bin.exe
Resource
win10v20210408
windows10_x64
0 signatures
0 seconds
General
Target
ransomware.bin.exe
Size
1.9MB
MD5
ba5921707560d9ae819b2f9de9443a7d
SHA1
9ae2e981ef53e2f0cec54a30a6a75ac40ed8c592
SHA256
9cfd14ceebe074375e7c04a86b80fc15b35d73294cf54d3f0aae11351702adf4
SHA512
e6f4055c77c8329cb9fac4a78c9852aa0c6f404a3c878a75321b15e560f6faef3a0ca235836103fbff83e1558267535759a3bce6bee42f98265df5b512dee9ea
Score
8/10
Malware Config
Signatures
Modifies extensions of user files 7 IoCs
Ransomware generally changes the extension on encrypted files.
Processes:
ransomware.bin.exe
description | ioc | process
File created | C:\Users\Admin\Pictures\ConvertResolve.crw.AmaltheaEnc | ransomware.bin.exe
File created | C:\Users\Admin\Pictures\ExportUnpublish.raw.AmaltheaEnc | ransomware.bin.exe
File created | C:\Users\Admin\Pictures\InstallComplete.png.AmaltheaEnc | ransomware.bin.exe
File created | C:\Users\Admin\Pictures\SaveOptimize.crw.AmaltheaEnc | ransomware.bin.exe
File created | C:\Users\Admin\Pictures\WatchRename.raw.AmaltheaEnc | ransomware.bin.exe
File created | C:\Users\Admin\Pictures\WriteRename.png.AmaltheaEnc | ransomware.bin.exe
File created | C:\Users\Admin\Pictures\CloseWatch.crw.AmaltheaEnc | ransomware.bin.exe