Overview

overview

8

Static

static

IHAransom.exe

windows7_x64

8

IHAransom.exe

windows10_x64

8

Analysis

  • max time kernel
    271s
  • max time network
    139s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    28/10/2021, 08:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    IHAransom.exe

  • Size

    231KB

  • MD5

    5f775c9a9d49013ef37aa7d332327af4

  • SHA1

    f96eeeaebef8e4d1ed74f7c557ef2a9d3c021bc8

  • SHA256

    6fafb9d3eec58313bfeb572ebeb09739a413b1df2b7755611f06ef62d8c9cf8e

  • SHA512

    fb6c0231f4821ded9c1fa7045d2581bd816d9dbe792394742b946f7ba76a06e18b84078bef6e0206f5dff2e42145f6e9f9f43829dc567ca571884b60c745f31f

Score
8/10
ransomwarespywarestealer

Malware Config

Signatures

  • Modifies extensions of user files 10 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Drops startup file 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\IHAransom.exe
    "C:\Users\Admin\AppData\Local\Temp\IHAransom.exe"
    1⤵
    • Modifies extensions of user files
    • Drops startup file
    • Sets desktop wallpaper using registry
    • Suspicious use of AdjustPrivilegeToken
    PID:4112

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4112-115-0x0000000002A10000-0x0000000002A12000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4112-116-0x0000000002A15000-0x0000000002A16000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4112-118-0x0000000002A17000-0x0000000002A18000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4112-117-0x0000000002A16000-0x0000000002A17000-memory.dmp

    Filesize

    4KB

    Download