674f6b6d5a273b7fb5931960f58fdd5165b42f9ae3636f15233b8d6b06bceeff

Analysis

max time kernel
143s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
18-06-2022 11:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1.exe
Size

299KB
MD5

5995ab21a51618aef0c7aef5b4d82f76
SHA1

55da88e2d5dee9134469ddc416b946cd97143c93
SHA256

a87536fa66b6840d22b702dd7450f79140e88794fd466ef0320ba3b664964baf
SHA512

b6ba33c85899e44a6706a6e2aed756ecff177c15840e4ea715ece45702da31f4aefaa68d560a859456a17d2cc76923049c452a4618c119cbc52d0d4da1126293

Score

8^/10

ransomware

Malware Config

Signatures

Modifies extensions of user files 6 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

description	ioc	Process
File opened for modification	C:\Users\Admin\Pictures\InvokeJoin.tiff	1.exe
File renamed	C:\Users\Admin\Pictures\InvokeJoin.tiff => C:\Users\Admin\Pictures\InvokeJoin.tiff.nigger	1.exe
File opened for modification	C:\Users\Admin\Pictures\MoveBlock.tiff	1.exe
File renamed	C:\Users\Admin\Pictures\MoveBlock.tiff => C:\Users\Admin\Pictures\MoveBlock.tiff.nigger	1.exe
File renamed	C:\Users\Admin\Pictures\StopTest.raw => C:\Users\Admin\Pictures\StopTest.raw.nigger	1.exe
File renamed	C:\Users\Admin\Pictures\WaitPing.crw => C:\Users\Admin\Pictures\WaitPing.crw.nigger	1.exe

Drops desktop.ini file(s) 35 IoCs

description	ioc	Process
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\desktop.ini	1.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\desktop.ini	1.exe
File created	C:\Users\Public\Downloads\desktop.ini	1.exe
File created	C:\Users\Admin\Favorites\Links\desktop.ini	1.exe
File created	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	1.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini	1.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	1.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini	1.exe
File created	C:\Users\Public\desktop.ini	1.exe
File created	C:\Users\Public\AccountPictures\desktop.ini	1.exe
File created	C:\Users\Admin\Documents\desktop.ini	1.exe
File created	C:\Users\Admin\Links\desktop.ini	1.exe
File created	C:\Users\Public\Libraries\desktop.ini	1.exe
File created	C:\Users\Admin\Saved Games\desktop.ini	1.exe
File created	C:\Users\Admin\Videos\desktop.ini	1.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini	1.exe
File created	C:\Users\Public\Desktop\desktop.ini	1.exe
File created	C:\Users\Public\Documents\desktop.ini	1.exe
File created	C:\Users\Admin\Music\desktop.ini	1.exe
File created	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	1.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini	1.exe
File created	C:\Users\Public\Music\desktop.ini	1.exe
File created	C:\Users\Public\Pictures\desktop.ini	1.exe
File created	C:\Users\Admin\3D Objects\desktop.ini	1.exe
File created	C:\Users\Admin\Contacts\desktop.ini	1.exe
File created	C:\Users\Admin\Desktop\desktop.ini	1.exe
File created	C:\Users\Admin\Downloads\desktop.ini	1.exe
File created	C:\Users\Admin\OneDrive\desktop.ini	1.exe
File created	C:\Users\Admin\Searches\desktop.ini	1.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini	1.exe
File created	C:\Users\Public\Videos\desktop.ini	1.exe
File created	C:\Users\Admin\Favorites\desktop.ini	1.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	1.exe
File created	C:\Users\Admin\Pictures\desktop.ini	1.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini	1.exe

C:\Users\Admin\AppData\Local\Temp\1.exe
"C:\Users\Admin\AppData\Local\Temp\1.exe"
1⤵
- Modifies extensions of user files
- Drops desktop.ini file(s)
PID:3584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3584-130-0x0000000000020000-0x0000000000072000-memory.dmp

Filesize
328KB

Download
memory/3584-131-0x0000000004AD0000-0x0000000004AF2000-memory.dmp

Filesize
136KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads