Analysis
-
max time kernel
148s
-
max time network
152s
-
platform
windows7_x64
-
resource
win7-20220812-en
-
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
-
submitted
29-09-2022 12:37
Static task
static1
Behavioral task
behavioral1
Sample
Trojan-Ransom.Win32.Chimera.a-1dacdc296fd6ef6ba817b184cce9901901c47c01d849adfa4222bfabfed61838.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Trojan-Ransom.Win32.Chimera.a-1dacdc296fd6ef6ba817b184cce9901901c47c01d849adfa4222bfabfed61838.exe
Resource
win10v2004-20220901-en
General
-
Target
Trojan-Ransom.Win32.Chimera.a-1dacdc296fd6ef6ba817b184cce9901901c47c01d849adfa4222bfabfed61838.exe
-
Size
232KB
-
MD5
60fabd1a2509b59831876d5e2aa71a6b
-
SHA1
8b91f3c4f721cb04cc4974fc91056f397ae78faa
-
SHA256
1dacdc296fd6ef6ba817b184cce9901901c47c01d849adfa4222bfabfed61838
-
SHA512
3e842a7d47b32942adb936cae13293eddf1a6b860abcfe7422d0fb73098264cc95656b5c6d9980fad1bf8b5c277cd846c26acaba1bef441582caf34eb1e5295a
-
SSDEEP
3072:BMhIBKH7j7DzQi7y5bvl4YAbdY9KWvwn7XHMzqEOf64CEEl64HBVdGXPKD:BMh5H7j5g54YZKXoxOuEEl64HZAi
Malware Config
Signatures
-
Chimera 64 IoCs
Ransomware which infects local and network files, often distributed via Dropbox links.