Overview

overview

10

Static

static

CashCat.exe

windows7_x64

3

CashCat.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    136s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    23/05/2022, 08:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CashCat.exe

  • Size

    518KB

  • MD5

    e22f15441e597430b069dad9f72889fc

  • SHA1

    6310f4db3726fdb52514718a402ede2db38c71bd

  • SHA256

    fa6855733a1cca500f3088b535808fc8093d67cadc9b34ad4ca7ec0170b25e03

  • SHA512

    b23e6c94b64cc18b42bbd6c95f07e335fb631fc8a003b01a64671e01067dbf8fa265cd4df30c6bfaca5ec61c068fa41d64b28b3c90bd88a1ee12ec13c7197469

Score
10/10
lockyransomware

Malware Config

Signatures

  • Locky

    Ransomware strain released in 2016, with advanced features like anti-analysis.

    ransomwarelocky
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CashCat.exe
    "C:\Users\Admin\AppData\Local\Temp\CashCat.exe"
    1⤵
      PID:3136
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
      1⤵
        PID:1444
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
        1⤵
          PID:2480
        • C:\Windows\System32\svchost.exe
          C:\Windows\System32\svchost.exe -k UnistackSvcGroup
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:2640

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2640-134-0x0000016F688D0000-0x0000016F688E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2640-135-0x0000016F689D0000-0x0000016F689E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3136-130-0x0000000000290000-0x0000000000318000-memory.dmp

          Filesize

          544KB

          Download

        • memory/3136-131-0x0000000008BE0000-0x0000000008BE8000-memory.dmp

          Filesize

          32KB

          Download

        • memory/3136-132-0x0000000009480000-0x00000000094B8000-memory.dmp

          Filesize

          224KB

          Download

        • memory/3136-133-0x0000000009460000-0x000000000946E000-memory.dmp

          Filesize

          56KB

          Download