Analysis

  • max time kernel
    174s
  • max time network
    180s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    14-02-2022 16:17

General

  • Target

    Comprovante de depósito.exe

  • Size

    378KB

  • MD5

    668a6e809dd0554cde27c3a28ea01c43

  • SHA1

    aa02e2999168ee64f6d3ccc3218a131881fa7c37

  • SHA256

    d9771a04128e50870a96bc7ac8605982205011b723810a04a3411a1ac7eba05d

  • SHA512

    616ebfdc7018833d6f876394b601de98c5f1132189f28558a41993d02de8119ebdd2c3c2ccc1d6ca28085c18466dfa574ae40f3072d3c25b4be14f3144c98efb

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\read_it.txt

Ransom Note
First of all, sorry. It's just business. All your files have been encrypted. All your documents are unavailable. The encryption was done using a secret key designed by our company. In order to decrypt your files you must buy an exclusive key from us. Do not reset or shutdown - files may be damaged. Do not rename or move encrypted files - they may be lost forever. Do not try to delete readme files - files may be damaged. Please send $150k in Bitcoin to the following wallet: bc1qp94vpfjgm6z7fvcsa43cymjpyytweqjju9u7dp If you do not own Bitcoin yet, we suggest a quick Google search. After 24 hours the payment will double. After 48 hours files will be deleted. If you have a proposal within 2 hours you will get a discount, minimizing this tragic event so you can get back to work. Please contact us via email: [email protected]

Extracted

Path

C:\Users\Admin\Desktop\BackupRestart.html

Family

ryuk

Ransom Note
<EncryptedKey>g70NPWZ9W3+Jki32vDP76B06a20q5r3fq1cXiVjYPnhrs874slmcQgr37XouR8G22yvxTdLyNhBoOQ5eNKvZkiSSUbi+rgfkhKTYtVv8UtExMWSmNXTaeqq3wc1iIu4RQalFqiruG6o8H85kvF39biRN1XxOfusZeXpZARUK1Z8=<EncryptedKey>

Signatures

  • Chaos

    Ransomware family first seen in June 2021.

  • Chaos Ransomware 3 IoCs
  • Ryuk

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

  • Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

  • Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs
  • Deletes backup catalog 3 TTPs 1 IoCs

    Uses wbadmin.exe to inhibit system recovery.

  • Executes dropped EXE 1 IoCs
  • Modifies extensions of user files 2 IoCs

    Ransomware generally changes the extension on encrypted files.

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops desktop.ini file(s) 32 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
  • Drops file in Windows directory 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 4 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Interacts with shadow copies 2 TTPs 1 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

  • Modifies data under HKEY_USERS 1 IoCs
  • Modifies registry class 37 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 52 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Comprovante de depósito.exe
    "C:\Users\Admin\AppData\Local\Temp\Comprovante de depósito.exe"
    1⤵
    • Checks computer location settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4724
    • C:\Users\Admin\AppData\Roaming\svchost.exe
      "C:\Users\Admin\AppData\Roaming\svchost.exe"
      2⤵
      • Executes dropped EXE
      • Modifies extensions of user files
      • Checks computer location settings
      • Drops startup file
      • Drops desktop.ini file(s)
      • Sets desktop wallpaper using registry
      • Modifies registry class
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1068
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /C vssadmin delete shadows /all /quiet & wmic shadowcopy delete
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1032
        • C:\Windows\system32\vssadmin.exe
          vssadmin delete shadows /all /quiet
          4⤵
          • Interacts with shadow copies
          PID:1536
        • C:\Windows\System32\Wbem\WMIC.exe
          wmic shadowcopy delete
          4⤵
          PID:4800
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3740
        • C:\Windows\system32\bcdedit.exe
          bcdedit /set {default} bootstatuspolicy ignoreallfailures
          4⤵
          • Modifies boot configuration data using bcdedit
          PID:2196
        • C:\Windows\system32\bcdedit.exe
          bcdedit /set {default} recoveryenabled no
          4⤵
          • Modifies boot configuration data using bcdedit
          PID:2304
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4444
        • C:\Windows\system32\wbadmin.exe
          wbadmin delete catalog -quiet
          4⤵
          • Deletes backup catalog
          PID:3520
      • C:\Windows\system32\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\read_it.txt
        3⤵
        • Opens file in notepad (likely ransom note)
        PID:620
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2148
  • C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe
    C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2644
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    PID:4576
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4840
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 4840 -s 4580
      2⤵
      • Program crash
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      PID:3464
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 4840 -s 4580
      2⤵
      • Program crash
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      PID:4816
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
    1⤵
    • Modifies data under HKEY_USERS
    PID:2320
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
    1⤵
    PID:1800
  • C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -pss -s 412 -p 4840 -ip 4840
    1⤵
    • Suspicious use of NtCreateProcessExOtherParentProcess
    • Suspicious use of WriteProcessMemory
    PID:5108
  • C:\Windows\system32\wbengine.exe
    "C:\Windows\system32\wbengine.exe"
    1⤵
    PID:3812
  • C:\Windows\System32\vdsldr.exe
    C:\Windows\System32\vdsldr.exe -Embedding
    1⤵
    PID:3808
  • C:\Windows\System32\vds.exe
    C:\Windows\System32\vds.exe
    1⤵
    • Checks SCSI registry key(s)
    PID:896
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:4280

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1068-134-0x00007FFC8A183000-0x00007FFC8A185000-memory.dmp

    Filesize

    8KB

  • memory/2148-135-0x0000015EE1760000-0x0000015EE1770000-memory.dmp

    Filesize

    64KB

  • memory/2148-136-0x0000015EE1D20000-0x0000015EE1D30000-memory.dmp

    Filesize

    64KB

  • memory/2148-137-0x0000015EE43B0000-0x0000015EE43B4000-memory.dmp

    Filesize

    16KB

  • memory/2320-147-0x0000020067F90000-0x0000020067F94000-memory.dmp

    Filesize

    16KB

  • memory/4724-130-0x0000000000D50000-0x0000000000DB4000-memory.dmp

    Filesize

    400KB

  • memory/4724-131-0x00007FFC8A183000-0x00007FFC8A185000-memory.dmp

    Filesize

    8KB