Analysis

  • max time kernel
    104s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-10-2022 17:26

General

  • Target

    fb3f622cf5557364a0a3abacc3e9acf399b3631bf3630acb8132514c486751e7.exe

  • Size

    3.3MB

  • MD5

    68bb371accb1bc914675c0ab626a9019

  • SHA1

    802a5fc4f1fdfae4a8cf99a4544c191641f9bceb

  • SHA256

    fb3f622cf5557364a0a3abacc3e9acf399b3631bf3630acb8132514c486751e7

  • SHA512

    d72af358decda2f2caf1a7f1f6d83d457e0c6156753362a9ae1d3118dbb7706acff019be160028045ca2d22281fae4abf0ffdb6f27680cade0ade634e42bf84f

  • SSDEEP

    49152:Nr9+Z4T+qn3bYXIFgY7LUvRL5PXwTvewrPiRnmUf:59+Z0nnFTUXCb

Score
10/10

Malware Config

Signatures

  • Nefilim

    Ransomware first seen in early 2020 which shares code with the Nemty family. Rewritten in Golang in July 2020.

  • Modifies extensions of user files 11 IoCs

    Ransomware generally changes the extension on encrypted files.

  • Drops desktop.ini file(s) 26 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fb3f622cf5557364a0a3abacc3e9acf399b3631bf3630acb8132514c486751e7.exe
    "C:\Users\Admin\AppData\Local\Temp\fb3f622cf5557364a0a3abacc3e9acf399b3631bf3630acb8132514c486751e7.exe"
    1⤵
    • Modifies extensions of user files
    • Drops desktop.ini file(s)
    PID:1084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2629973501-4017243118-3254762364-1000\desktop.ini

    Filesize

    648B

    MD5

    0e52e7fcb20a6f08fcb4d0bc06019d50

    SHA1

    3df06afdc3d38488957e7d92cf2fb2c08b260714

    SHA256

    f49b834b97e0074333efa76850763dc3fe68143b1c17041eb569fcd601daedbd

    SHA512

    eaa01a125534b972a82cc7f3459e4039bcffdcc5857f8894385573f20668bccd4f6d367356125b336c69f7b5f0f53d78183f673704f05d7d1b900cc4f4f1fd67