674f6b6d5a273b7fb5931960f58fdd5165b42f9ae3636f15233b8d6b06bceeff

Analysis

max time kernel
102s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
18-06-2022 11:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2.exe
Size

300KB
MD5

73616cce2df45725fa6f3bfab015d667
SHA1

4a262fd65081c252a2d0ecbb3daaff9f7f5ff162
SHA256

91ad37aca29eb3cc4f5b84cd5128e4f881f9b1e6d91a8c72475a4179e0acebe6
SHA512

fc1e599f268b73ba6cdb1629d560533f886aa8f9d503128bc35a5fa3b9c9dba4042d7c46551cdd33792cfe8919259216c42031772b322f65cbfb66548a7cbcfd

Score

8^/10

ransomware

Malware Config

Signatures

Modifies extensions of user files 11 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

description	ioc	Process
File renamed	C:\Users\Admin\Pictures\CheckpointMove.crw => C:\Users\Admin\Pictures\CheckpointMove.crw.nigger	2.exe
File renamed	C:\Users\Admin\Pictures\CompressGrant.tiff => C:\Users\Admin\Pictures\CompressGrant.tiff.nigger	2.exe
File renamed	C:\Users\Admin\Pictures\RemoveSend.png => C:\Users\Admin\Pictures\RemoveSend.png.nigger	2.exe
File opened for modification	C:\Users\Admin\Pictures\UnregisterExpand.tiff	2.exe
File renamed	C:\Users\Admin\Pictures\UnregisterExpand.tiff => C:\Users\Admin\Pictures\UnregisterExpand.tiff.nigger	2.exe
File renamed	C:\Users\Admin\Pictures\WriteRedo.tif => C:\Users\Admin\Pictures\WriteRedo.tif.nigger	2.exe
File opened for modification	C:\Users\Admin\Pictures\CompressGrant.tiff	2.exe
File renamed	C:\Users\Admin\Pictures\ConvertResolve.raw => C:\Users\Admin\Pictures\ConvertResolve.raw.nigger	2.exe
File renamed	C:\Users\Admin\Pictures\JoinUnlock.crw => C:\Users\Admin\Pictures\JoinUnlock.crw.nigger	2.exe
File renamed	C:\Users\Admin\Pictures\RevokeSearch.tif => C:\Users\Admin\Pictures\RevokeSearch.tif.nigger	2.exe
File renamed	C:\Users\Admin\Pictures\SuspendFind.crw => C:\Users\Admin\Pictures\SuspendFind.crw.nigger	2.exe

Drops desktop.ini file(s) 35 IoCs

description	ioc	Process
File created	C:\Users\Admin\Favorites\desktop.ini	2.exe
File created	C:\Users\Admin\Videos\desktop.ini	2.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini	2.exe
File created	C:\Users\Public\AccountPictures\desktop.ini	2.exe
File created	C:\Users\Public\Downloads\desktop.ini	2.exe
File created	C:\Users\Public\Pictures\desktop.ini	2.exe
File created	C:\Users\Admin\3D Objects\desktop.ini	2.exe
File created	C:\Users\Admin\OneDrive\desktop.ini	2.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini	2.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini	2.exe
File created	C:\Users\Admin\Contacts\desktop.ini	2.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	2.exe
File created	C:\Users\Admin\Documents\desktop.ini	2.exe
File created	C:\Users\Admin\Favorites\Links\desktop.ini	2.exe
File created	C:\Users\Admin\Links\desktop.ini	2.exe
File created	C:\Users\Admin\Music\desktop.ini	2.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	2.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini	2.exe
File created	C:\Users\Public\desktop.ini	2.exe
File created	C:\Users\Public\Desktop\desktop.ini	2.exe
File created	C:\Users\Admin\Downloads\desktop.ini	2.exe
File created	C:\Users\Public\Documents\desktop.ini	2.exe
File created	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	2.exe
File created	C:\Users\Admin\Saved Games\desktop.ini	2.exe
File created	C:\Users\Admin\Searches\desktop.ini	2.exe
File created	C:\Users\Admin\Pictures\desktop.ini	2.exe
File created	C:\Users\Public\Videos\desktop.ini	2.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini	2.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini	2.exe
File created	C:\Users\Public\Libraries\desktop.ini	2.exe
File created	C:\Users\Admin\Desktop\desktop.ini	2.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\desktop.ini	2.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\desktop.ini	2.exe
File created	C:\Users\Public\Music\desktop.ini	2.exe
File created	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	2.exe

C:\Users\Admin\AppData\Local\Temp\2.exe
"C:\Users\Admin\AppData\Local\Temp\2.exe"
1⤵
- Modifies extensions of user files
- Drops desktop.ini file(s)
PID:3272

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3272-130-0x00000000000C0000-0x0000000000112000-memory.dmp

Filesize
328KB

Download
memory/3272-131-0x0000000004B50000-0x0000000004B72000-memory.dmp

Filesize
136KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads