General

  • Target

    TimeTime.exe

  • Size

    19KB

  • Sample

    211219-b3r68sgfdp

  • MD5

    8345d2b0dc8fd2134d12856557b15181

  • SHA1

    a4c5ea013f8fc27d4079b5cd9f710bdbca02011f

  • SHA256

    5ee8500fe1a2f22029908d4e2b32e7fb85aec03ffea714f3b5e82ebb2bc10f21

  • SHA512

    bdfc9573df999957269f5bef22f7f20e75eae37765b9013f1971b4507d2f5420d591898aa4a535bc5158ab6367921dbf597378225aa02dd1a25f42b60624397e

Score
10/10

Malware Config

Extracted

Path

C:\Users\Admin\@__RECOVER_YOUR_FILES__@.txt

Ransom Note
---------------Time Time Ransomware---------------
All of your document,pictures,videos are no longer accessible. We encrypted them ! We also stole your files,computer information,passwords,cookies. If you don't pay us, we will leak everything on the dark web. Please, find @_DECRYPTOR_@.exe on your desktop to pay the ransom. If you don't find it, check your recycle bin or antivirus quarantine. We ask for 100€ of paysafecard (https://paysafecard.com) /!\ Warning /!\ Please, do not rename encrypted files. Do not use third party software. Do not try to decrypt the files yourself. /!\ Warning /!\ You got epicly pwned.
---------------Time Time Ransomware---------------

URLs

https://paysafecard.com

Targets

    • Target

      TimeTime.exe

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • File Deletion (T1107): 2

Discovery

  • System Information Discovery (T1082): 1

Impact

  • Inhibit System Recovery (T1490): 2
