Analysis

  • max time kernel
    49s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    25-06-2022 06:26

General

  • Target

    591e7f5eb141c22919a406508f63a558e3bd732fe38844cedbbea938d666e78b.exe

  • Size

    62KB

  • MD5

    eb5d62f37c2a7cdd355b483d06ff7278

  • SHA1

    e21b853bd54e1305f3c0d0eb6f8da52b70b0d722

  • SHA256

    591e7f5eb141c22919a406508f63a558e3bd732fe38844cedbbea938d666e78b

  • SHA512

    80c377cfe3f707bb118740b98f2a04f8e3700394ff7519e09f04a861a2ed91e516337d729526c4203f41c87ffd2de9f6542a9f0986d73f7fec4e32740adfc4b3

Score
10/10

Malware Config

Extracted

Path

C:\MSOCache\YOUR_FILES_ARE_ENCRYPTED.TXT

Ransom Note
SEON RANSOMWARE ver 0.2 all your files has been encrypted There is only way to get your files back: contact with us We accept Bitcoin and other cryptocurrencies Do not try to reinstall operation system on your computer Do not try to decrypt files with third party tools, this can lead to data loss You can decrypt 1 file for free Our contact emails: [email protected] [email protected]

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\readme.hta

Ransom Note
All your documents, photos, databases and other important files have been encrypted and you can't decrypt it yourself. No one but us can return your files. Free decryption utility does not exist. Each file is encrypted with its unique key, cryptography based on elliptic curves, key recovery is impossible. Focus on the problem, follow your instructions and everything will be fine. DON'T PANIC! YOU CAN RETURN ALL YOUR FILES! FREE decrypting as guarantee You can test decryption 1 any file for free (with help our special software " SEON Decryptor "). What to do? First you should write me and i'll send you a special software " SEON Decryptor " (this software needed to decrypt encrypted files). To start the process of decrypting ALL files, you need buy key to the " SEON Decryptor ". Contacts E-Mail: [email protected] E-Mail: [email protected] Attention! Decryption keys are individual, the keys of other users will not work for you Do not try to decrypt files with third party tools, this can lead to data loss Do not try to reinstall operation system on your computer

Signatures

  • Seon

    The Seon Ransomware is an encryption ransomware Trojan first observed on November 14, 2018.

  • Modifies extensions of user files (4 IoCs)

    Ransomware generally changes the extension on encrypted files.

  • Enumerates connected drives (3 TTPs, 25 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Modifies Internet Explorer settings (1 TTPs, 1 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\591e7f5eb141c22919a406508f63a558e3bd732fe38844cedbbea938d666e78b.exe
    "C:\Users\Admin\AppData\Local\Temp\591e7f5eb141c22919a406508f63a558e3bd732fe38844cedbbea938d666e78b.exe"
    1⤵
    • Modifies extensions of user files
    • Enumerates connected drives
    • Suspicious use of WriteProcessMemory
    PID:1664
    • C:\Windows\SysWOW64\mshta.exe
      mshta.exe C:\Users\Admin\AppData\Local\Temp\readme.hta
      2⤵
      • Modifies Internet Explorer settings
      PID:1988

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\readme.hta

    Filesize

    16KB

    MD5

    648ec33ca711ee08410f0cdbbc60325e

    SHA1

    7dd2e502ca3366e090b08565c879371bbb6af028

    SHA256

    83760bdab06a2b3214871d736e8c0705818fc0f668e294d5d0aa3ca1e6ae426b

    SHA512

    3a77d9ac2629bf4c524f8f0178620bda5cc5a1c814a17a6db4a4d8eb5c43c141762204fe593fdb54fe4405f052143c69e8bbc178db9c7846d8ec7b0fe36fe2c8

  • memory/1664-54-0x0000000075581000-0x0000000075583000-memory.dmp

    Filesize

    8KB