b180f13d745f4b2dc2601ad87eddf9c6f5de1c91a489bc85884d3c7a9e0b1a44

Analysis

max time kernel
72s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 09:59

Target

b180f13d745f4b2dc2601ad87eddf9c6f5de1c91a489bc85884d3c7a9e0b1a44.exe
Size

347KB
MD5

94fd65c600ed754dcff53bf9c62672a0
SHA1

fa81cfa9b4f33fdc3eca248b0b445455b5c1d5d7
SHA256

b180f13d745f4b2dc2601ad87eddf9c6f5de1c91a489bc85884d3c7a9e0b1a44
SHA512

848d80e1ee5dcc3a9132ac02fb51fa54c206744880fe04acbde448c4b318ab14076c81e37da5de44c57ca63e7de15622d331075d1a6209b4993e84d2c4359905
SSDEEP

6144:HC5gqTN71xWDD7k0SIufIi9caMvb4lQMKLjP1REVhPMdELungetN:H2N7u/7ZuQi9WvUaMKLTYvAltN

Score

8^/10

ransomware

Modifies extensions of user files 3 IoCs

Ransomware generally changes the extension on encrypted files.

description	ioc	Process
File created	C:\Users\Admin\Pictures\ExitRestore.png.jcrypt	b180f13d745f4b2dc2601ad87eddf9c6f5de1c91a489bc85884d3c7a9e0b1a44.exe
File created	C:\Users\Admin\Pictures\InitializeMount.crw.jcrypt	b180f13d745f4b2dc2601ad87eddf9c6f5de1c91a489bc85884d3c7a9e0b1a44.exe
File created	C:\Users\Admin\Pictures\InvokeGrant.raw.jcrypt	b180f13d745f4b2dc2601ad87eddf9c6f5de1c91a489bc85884d3c7a9e0b1a44.exe

Drops desktop.ini file(s) 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	b180f13d745f4b2dc2601ad87eddf9c6f5de1c91a489bc85884d3c7a9e0b1a44.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	b180f13d745f4b2dc2601ad87eddf9c6f5de1c91a489bc85884d3c7a9e0b1a44.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	b180f13d745f4b2dc2601ad87eddf9c6f5de1c91a489bc85884d3c7a9e0b1a44.exe

memory/1116-54-0x0000000000160000-0x00000000001BC000-memory.dmp

Filesize
368KB

Download
memory/1116-55-0x0000000076961000-0x0000000076963000-memory.dmp

Filesize
8KB

Download
memory/1116-56-0x0000000000580000-0x000000000059E000-memory.dmp

Filesize
120KB

Download
memory/1116-57-0x0000000004A65000-0x0000000004A76000-memory.dmp

Filesize
68KB

Download