Overview

overview

8

Static

static

WindowsFormsApp1.exe

windows7_x64

6

WindowsFormsApp1.exe

windows10_x64

8

Resubmissions

12-02-2022 08:00

220212-jwe74ahgh6 8

12-01-2022 18:56

220112-xlrd9sdfhm 8

12-01-2022 06:29

220112-g9cm1sbdg5 6

Analysis

  • max time kernel
    147s
  • max time network
    123s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    12-01-2022 18:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WindowsFormsApp1.exe

  • Size

    117KB

  • MD5

    e7138eb2f838114591d0917050710bff

  • SHA1

    55f4b508ed4ed8e6650057b7a7538fda9dbdf2e7

  • SHA256

    bb0bca92cc74cac6b770649c5e70b0f4fd177de58fcfc7c719223485624dc28b

  • SHA512

    09a05490a40a05e1df42022742512a417c1a6970c06f32e445fb4aa12a123ea72f7cb2ed4da1ac1365229114c18578ae3e4baecbd653f81b77cf750a86554cc2

Score
8/10
ransomware

Malware Config

Signatures

  • Modifies extensions of user files 2 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Drops desktop.ini file(s) 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WindowsFormsApp1.exe
    "C:\Users\Admin\AppData\Local\Temp\WindowsFormsApp1.exe"
    1⤵
    • Modifies extensions of user files
    • Drops desktop.ini file(s)
    PID:3788
  • C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_#ODZYSKAJ_PLIKI--.JEBAĆ_BYDGOSZCZ!!!.txt
    1⤵
      PID:1296
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_#ODZYSKAJ_PLIKI--.JEBAĆ_BYDGOSZCZ!!!.txt
      1⤵
        PID:3796

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\Desktop\_#ODZYSKAJ_PLIKI--.JEBAĆ_BYDGOSZCZ!!!.txt
        MD5

        0c531970662a20e940005907de793082

        SHA1

        e59d704e9c9ec5af0d6931b68f4ad4776d03d359

        SHA256

        33ce23f581982b529e2991e91657dc617a3d6257bf6e2eb6e70e900b7fcc849f

        SHA512

        5848ad5397539e4dda809c07c83cc4592b3a62f2a7ce87aed3f17b7ac928531c62534216b8e26d6244679e9d2f9eeeae8daac2bf7310835a5189a17af9df67d2

        Download Submit
      • memory/3788-115-0x0000000000490000-0x00000000004B2000-memory.dmp
        Filesize

        136KB

        Download
      • memory/3788-116-0x0000000000490000-0x00000000004B2000-memory.dmp
        Filesize

        136KB

        Download
      • memory/3788-117-0x00000000052F0000-0x00000000057EE000-memory.dmp
        Filesize

        5.0MB

        Download
      • memory/3788-118-0x0000000004CE0000-0x0000000004D72000-memory.dmp
        Filesize

        584KB

        Download
      • memory/3788-119-0x0000000004DF0000-0x00000000052EE000-memory.dmp
        Filesize

        5.0MB

        Download
      • memory/3788-120-0x0000000004D80000-0x0000000004D8A000-memory.dmp
        Filesize

        40KB

        Download
      • memory/3788-121-0x0000000004DF0000-0x00000000052EE000-memory.dmp
        Filesize

        5.0MB

        Download