5339981168dfcefb874dc7e82563fa7aca047f17b1184ae8db9336a2335473a9

Submit
Reports

Overview

overview

Static

static

exe.ransom...99.exe

windows7-x64

exe.ransom...99.exe

windows10-2004-x64

exe.ransom...55.exe

windows7-x64

exe.ransom...55.exe

windows10-2004-x64

exe.ransom...FA.exe

windows7-x64

exe.ransom...FA.exe

windows10-2004-x64

exe.ransom...41.exe

windows7-x64

exe.ransom...41.exe

windows10-2004-x64

exe.ransom...98.exe

windows7-x64

exe.ransom...98.exe

windows10-2004-x64

exe.ransom...10.exe

windows7-x64

exe.ransom...10.exe

windows10-2004-x64

exe.ransom...26.exe

windows7-x64

exe.ransom...26.exe

windows10-2004-x64

exe.ransom...E5.exe

windows7-x64

exe.ransom...E5.exe

windows10-2004-x64

exe.ransom...DC.exe

windows7-x64

exe.ransom...DC.exe

windows10-2004-x64

exe.ransom...92.exe

windows7-x64

exe.ransom...92.exe

windows10-2004-x64

exe.ransom...3A.exe

windows7-x64

exe.ransom...3A.exe

windows10-2004-x64

exe.ransom...AA.exe

windows7-x64

exe.ransom...AA.exe

windows10-2004-x64

exe.ransom...5C.exe

windows7-x64

exe.ransom...5C.exe

windows10-2004-x64

exe.ransom...A6.exe

windows7-x64

exe.ransom...A6.exe

windows10-2004-x64

exe.ransom...AF.exe

windows7-x64

exe.ransom...AF.exe

windows10-2004-x64

exe.ransom...11.exe

windows7-x64

exe.ransom...11.exe

windows10-2004-x64

Analysis

max time kernel
148s
max time network
163s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 05:59

Sharing

Copy URL

Twitter E-mail

Static task

static1

upx medusalocker

3 signatures

Behavioral task

behavioral1

Sample

exe.ransomware.babuk/00/99/96/0099963E7285AEAFC09E4214A45A6A210253D514CBD0D4B0C3997647A0AFE879/00999.exe

Resource

win7-20221111-en

ransomware

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

exe.ransomware.babuk/00/99/96/0099963E7285AEAFC09E4214A45A6A210253D514CBD0D4B0C3997647A0AFE879/00999.exe

Resource

win10v2004-20221111-en

ransomware

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral3

Sample

exe.ransomware.babuk/00/E5/59/00E559A406F5D78514ADA50FE573374D78FCC5C12C6D443D07311131B2542E2F/00E55.exe

Resource

win7-20220901-en

babuk ransomware

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral4

Sample

exe.ransomware.babuk/00/E5/59/00E559A406F5D78514ADA50FE573374D78FCC5C12C6D443D07311131B2542E2F/00E55.exe

Resource

win10v2004-20220812-en

babuk ransomware

windows10-2004-x64

10 signatures

150 seconds

Behavioral task

behavioral5

Sample

exe.ransomware.babuk/02/8F/AC/028FACFF67136DE55FE200177A190DA625C8E1713B4E7D95BF5FC5412A5AFFFC/028FA.exe

Resource

win7-20221111-en

babuk ransomware

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral6

Sample

exe.ransomware.babuk/02/8F/AC/028FACFF67136DE55FE200177A190DA625C8E1713B4E7D95BF5FC5412A5AFFFC/028FA.exe

Resource

win10v2004-20220812-en

babuk ransomware

windows10-2004-x64

10 signatures

150 seconds

Behavioral task

behavioral7

Sample

exe.ransomware.babuk/02/94/11/0294114D5F411B6C47EB255D4ED6865DF99D1C5252F4F585AABF44E6CBACAA59/02941.exe

Resource

win7-20221111-en

babuk ransomware

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral8

Sample

exe.ransomware.babuk/02/94/11/0294114D5F411B6C47EB255D4ED6865DF99D1C5252F4F585AABF44E6CBACAA59/02941.exe

Resource

win10v2004-20220901-en

babuk ransomware

windows10-2004-x64

10 signatures

150 seconds

Behavioral task

behavioral9

Sample

exe.ransomware.babuk/02/E9/88/02E9883501635DA9B501E715BB827A0B9D0C265991F1263F073EB6C5D9B335C3/02E98.exe

Resource

win7-20221111-en

ransomware

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral10

Sample

exe.ransomware.babuk/02/E9/88/02E9883501635DA9B501E715BB827A0B9D0C265991F1263F073EB6C5D9B335C3/02E98.exe

Resource

win10v2004-20220901-en

ransomware

windows10-2004-x64

8 signatures

150 seconds

Behavioral task

behavioral11

Sample

exe.ransomware.babuk/03/11/0B/03110BAA5AAD9D01610293F2B8CD21B44CC7EFA0A465E677D6B3F92510A4B1D7/03110.exe

Resource

win7-20221111-en

babuk ransomware

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral12

Sample

exe.ransomware.babuk/03/11/0B/03110BAA5AAD9D01610293F2B8CD21B44CC7EFA0A465E677D6B3F92510A4B1D7/03110.exe

Resource

win10v2004-20220812-en

babuk ransomware

windows10-2004-x64

10 signatures

150 seconds

Behavioral task

behavioral13

Sample

exe.ransomware.babuk/04/12/6B/04126B30C1C2663CDF2B6386781AEDBFCE2EF418A0B01DE510BD536903F577E3/04126.exe

Resource

win7-20220901-en

ransomware

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral14

Sample

exe.ransomware.babuk/04/12/6B/04126B30C1C2663CDF2B6386781AEDBFCE2EF418A0B01DE510BD536903F577E3/04126.exe

Resource

win10v2004-20220812-en

ransomware

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral15

Sample

exe.ransomware.babuk/04/9E/53/049E53F72C8AFA5CCB850429D55A00E2FBE799E68247FD13F5058146CF0F4CF8/049E5.exe

Resource

win7-20220901-en

ransomware

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral16

Sample

exe.ransomware.babuk/04/9E/53/049E53F72C8AFA5CCB850429D55A00E2FBE799E68247FD13F5058146CF0F4CF8/049E5.exe

Resource

win10v2004-20220812-en

ransomware

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral17

Sample

exe.ransomware.babuk/05/AD/C9/05ADC97ABE6349C6132AA4AB44006B51945225A1EC764C87B781D5044A4E176F/05ADC.exe

Resource

win7-20220901-en

babuk ransomware

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral18

Sample

exe.ransomware.babuk/05/AD/C9/05ADC97ABE6349C6132AA4AB44006B51945225A1EC764C87B781D5044A4E176F/05ADC.exe

Resource

win10v2004-20220812-en

babuk ransomware

windows10-2004-x64

10 signatures

150 seconds

Behavioral task

behavioral19

Sample

exe.ransomware.babuk/08/99/29/089929F1CDE37E9FD14DD09A7844272678AC48E47887EDE23B561D156FE50057/08992.exe

Resource

win7-20220812-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral20

Sample

exe.ransomware.babuk/08/99/29/089929F1CDE37E9FD14DD09A7844272678AC48E47887EDE23B561D156FE50057/08992.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral21

Sample

exe.ransomware.babuk/0B/93/A0/0B93A024B5D6874D7BB69ABD7F0E2D54A67C602584575A9B6D1212BAAE81442F/0B93A.exe

Resource

win7-20220812-en

babuk ransomware

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral22

Sample

exe.ransomware.babuk/0B/93/A0/0B93A024B5D6874D7BB69ABD7F0E2D54A67C602584575A9B6D1212BAAE81442F/0B93A.exe

Resource

win10v2004-20220812-en

babuk ransomware

windows10-2004-x64

10 signatures

150 seconds

Behavioral task

behavioral23

Sample

exe.ransomware.babuk/0B/BA/AB/0BBAABB3C8603C5C10BE282DFD13C776612FDE54D18DDD06A96AD42E9B3BAF23/0BBAA.exe

Resource

win7-20220812-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral24

Sample

exe.ransomware.babuk/0B/BA/AB/0BBAABB3C8603C5C10BE282DFD13C776612FDE54D18DDD06A96AD42E9B3BAF23/0BBAA.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral25

Sample

exe.ransomware.babuk/0C/55/C4/0C55C4FB23178948E0DF495158B290CCE676BC93C5927E8EA57D93B3128972F5/0C55C.exe

Resource

win7-20220812-en

babuk ransomware

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral26

Sample

exe.ransomware.babuk/0C/55/C4/0C55C4FB23178948E0DF495158B290CCE676BC93C5927E8EA57D93B3128972F5/0C55C.exe

Resource

win10v2004-20220812-en

babuk ransomware

windows10-2004-x64

10 signatures

150 seconds

Behavioral task

behavioral27

Sample

exe.ransomware.babuk/0D/3A/60/0D3A60C89463AC1E39FA7CFF05F7AB365B32096E89F49000F26ECDD1D542D5EA/0D3A6.exe

Resource

win7-20220812-en

ransomware spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral28

Sample

exe.ransomware.babuk/0D/3A/60/0D3A60C89463AC1E39FA7CFF05F7AB365B32096E89F49000F26ECDD1D542D5EA/0D3A6.exe

Resource

win10v2004-20220812-en

ransomware spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral29

Sample

exe.ransomware.babuk/10/5A/F5/105AF5C40C65F51979308E022C25DD285DB3CD20E9656CAABA0E9B1FC253898B/105AF.exe

Resource

win7-20221111-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral30

Sample

exe.ransomware.babuk/10/5A/F5/105AF5C40C65F51979308E022C25DD285DB3CD20E9656CAABA0E9B1FC253898B/105AF.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral31

Sample

exe.ransomware.babuk/10/61/18/106118444E0A7405C13531F8CD70191F36356581D58789DFC5DF3DA7BA0F9223/10611.exe

Resource

win7-20221111-en

ransomware

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral32

Sample

exe.ransomware.babuk/10/61/18/106118444E0A7405C13531F8CD70191F36356581D58789DFC5DF3DA7BA0F9223/10611.exe

Resource

win10v2004-20220812-en

ransomware

windows10-2004-x64

9 signatures

150 seconds

Report Analysis Logs

General

Target

exe.ransomware.babuk/0B/BA/AB/0BBAABB3C8603C5C10BE282DFD13C776612FDE54D18DDD06A96AD42E9B3BAF23/0BBAA.exe
Size

68KB
MD5

4f10d3d19db282da43446544e07e7aab
SHA1

25a558a01a14282d4075490d6ca8beacd7cc4b06
SHA256

0bbaabb3c8603c5c10be282dfd13c776612fde54d18ddd06a96ad42e9b3baf23
SHA512

05eba8c6d07d10198014ca418c800df45dfb62e566ef7c20362773635fedffc083aa1de21b82aac54acfceb6f32ad3f9d627af605373f24b2fd4f2873fb27fd9
SSDEEP

1536:yHjUeTD0DsbEmDx1xhiBsrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2hyqM8EQ:yDUeTD0gbrDx1xusrQLOJgY8Zp8LHD4D

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Processes

C:\Users\Admin\AppData\Local\Temp\exe.ransomware.babuk\0B\BA\AB\0BBAABB3C8603C5C10BE282DFD13C776612FDE54D18DDD06A96AD42E9B3BAF23\0BBAA.exe
"C:\Users\Admin\AppData\Local\Temp\exe.ransomware.babuk\0B\BA\AB\0BBAABB3C8603C5C10BE282DFD13C776612FDE54D18DDD06A96AD42E9B3BAF23\0BBAA.exe"
1⤵
PID:1736

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1736-54-0x0000000075DF1000-0x0000000075DF3000-memory.dmp

Filesize
8KB

Download