078d03f798ce2c658d0fc1267ba141e836ca618e136c8f01b778f1e8bfb3721b

Resubmissions

28-11-2022 19:10

28-11-2022 19:09

28-11-2022 15:04

max time kernel
392s
max time network
419s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
28-11-2022 19:10

Target

fix/data.txt
Size

630KB
MD5

be6d4df1763d3f91b6db17aa0eee9d07
SHA1

3618ccdde4d819cdb211c496e9a7667eceb1d48a
SHA256

6da554b8972aeb32e3e0629ccc8be44c2370ed98c000ecde1789dd84cd474ff7
SHA512

f1cc1b4fc10819c85550bf7973021cec18c99cc749424224cb8572971e80ea055c9483d9d190556d768b81cf5efd0ab0c952260ad61d10a3e633d8686e97b238
SSDEEP

12288:Im1Mcw5EO6dHvDe0P3lx5EBto8BkfzNbuTyGrC6N2c2mcsAMzRGBRA4cZDA:rMFEO6dHvDe0P335EXpUNSleQ2cYCGLx

Score

1^/10

Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

NOTEPAD.EXE

pid process

1368 NOTEPAD.EXE

pid	process
1368	NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\fix\data.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:1368

memory/1368-54-0x000007FEFC091000-0x000007FEFC093000-memory.dmp

Filesize
8KB

Download