Resubmissions
12-02-2022 08:00
220212-jwe74ahgh6 812-01-2022 18:56
220112-xlrd9sdfhm 812-01-2022 06:29
220112-g9cm1sbdg5 6Analysis
-
max time kernel
147s -
max time network
123s -
platform
windows10_x64 -
resource
win10-en-20211208 -
submitted
12-01-2022 18:56
Static task
static1
Behavioral task
behavioral1
Sample
WindowsFormsApp1.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
WindowsFormsApp1.exe
Resource
win10-en-20211208
General
-
Target
WindowsFormsApp1.exe
-
Size
117KB
-
MD5
e7138eb2f838114591d0917050710bff
-
SHA1
55f4b508ed4ed8e6650057b7a7538fda9dbdf2e7
-
SHA256
bb0bca92cc74cac6b770649c5e70b0f4fd177de58fcfc7c719223485624dc28b
-
SHA512
09a05490a40a05e1df42022742512a417c1a6970c06f32e445fb4aa12a123ea72f7cb2ed4da1ac1365229114c18578ae3e4baecbd653f81b77cf750a86554cc2
Malware Config
Signatures
-
Modifies extensions of user files 2 IoCs
Ransomware generally changes the extension on encrypted files.
Processes:
WindowsFormsApp1.exedescription ioc process File opened for modification C:\Users\Admin\Pictures\AssertStop.tiff WindowsFormsApp1.exe File opened for modification C:\Users\Admin\Pictures\CompareAdd.tiff WindowsFormsApp1.exe -
Drops desktop.ini file(s) 5 IoCs
Processes:
WindowsFormsApp1.exedescription ioc process File opened for modification C:\Users\Admin\Desktop\desktop.ini WindowsFormsApp1.exe File opened for modification C:\Users\Admin\Pictures\desktop.ini WindowsFormsApp1.exe File opened for modification C:\Users\Admin\Pictures\Camera Roll\desktop.ini WindowsFormsApp1.exe File opened for modification C:\Users\Admin\Pictures\Saved Pictures\desktop.ini WindowsFormsApp1.exe File opened for modification C:\Users\Admin\Documents\desktop.ini WindowsFormsApp1.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\WindowsFormsApp1.exe"C:\Users\Admin\AppData\Local\Temp\WindowsFormsApp1.exe"1⤵
- Modifies extensions of user files
- Drops desktop.ini file(s)
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_#ODZYSKAJ_PLIKI--.JEBAĆ_BYDGOSZCZ!!!.txt1⤵
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_#ODZYSKAJ_PLIKI--.JEBAĆ_BYDGOSZCZ!!!.txt1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\Desktop\_#ODZYSKAJ_PLIKI--.JEBAĆ_BYDGOSZCZ!!!.txtMD5
0c531970662a20e940005907de793082
SHA1e59d704e9c9ec5af0d6931b68f4ad4776d03d359
SHA25633ce23f581982b529e2991e91657dc617a3d6257bf6e2eb6e70e900b7fcc849f
SHA5125848ad5397539e4dda809c07c83cc4592b3a62f2a7ce87aed3f17b7ac928531c62534216b8e26d6244679e9d2f9eeeae8daac2bf7310835a5189a17af9df67d2
-
memory/3788-115-0x0000000000490000-0x00000000004B2000-memory.dmpFilesize
136KB
-
memory/3788-116-0x0000000000490000-0x00000000004B2000-memory.dmpFilesize
136KB
-
memory/3788-117-0x00000000052F0000-0x00000000057EE000-memory.dmpFilesize
5.0MB
-
memory/3788-118-0x0000000004CE0000-0x0000000004D72000-memory.dmpFilesize
584KB
-
memory/3788-119-0x0000000004DF0000-0x00000000052EE000-memory.dmpFilesize
5.0MB
-
memory/3788-120-0x0000000004D80000-0x0000000004D8A000-memory.dmpFilesize
40KB
-
memory/3788-121-0x0000000004DF0000-0x00000000052EE000-memory.dmpFilesize
5.0MB